[j-nsp] SRX Site-to-Site Question

[Pavel Lunin]

 This works for a few hours approximately and then no traffic will pass.
>

As a quick test try to decrease the SA timelive (both phase 1 and 2) to
possible configurable minimum. If the freezing time changes (AFIAR it's
rekeyed each half-life period), you'll have a way to go further. Also check
if clearing ike and ipsec SAs (instead of rebooting the whole box) helps.

Didn't understand whether your case is SRX-to-SRX or SRX-to-something. I've
heard from colleagues they ran into similar symptoms, caused by inability
to rekey due to Cisco ASA software issue (not apparent in the ASA-to-ASA
case), don't know much details though.