Hi Jimmy, please try reducing phase 2 proposal lifetime to 3600 seconds and increase phase 1 lifetime to 86400.
regards, Asad On Tue, Apr 27, 2010 at 12:47 PM, <mail...@oranged.to> wrote: > Hi There, > > I believe that all the phase1 and phase2 variables are 100% default.. 28800 > seconds? > > > ----- Original Message ----- > From: "Asad Raza" <asadgard...@gmail.com> > To: "Jimmy Stewpot" <mail...@oranged.to> > Cc: juniper-nsp@puck.nether.net > Sent: Tuesday, 27 April, 2010 5:20:11 PM > Subject: Re: [j-nsp] Netscreen dialup vpn questions > > Dear Jimmy, > > > please confirm what lifetime is set for phase 1 and phase 2 proposals. i > believe you cannot flush a session unless its lifetime is expire. > > > regards, > > > Asad > > > On Tue, Apr 27, 2010 at 11:28 AM, < mail...@oranged.to > wrote: > > > Hello, > > I have recently swapped out a Cisco ASA with a Juniper SSG due to some > problems with SIP on the ASA. The Juniper has been working really well with > SIP but I have some problems with the VPN which I am trying to resolve. We > have hundreds of dialup IPSEC VPN users who authenticate using RADIUS. The > problem is that they keep on getting disconnected or having problems > connecting. When I go and monitor the VPN's in the GUI I get the > following... > > > Dialup_VPN 0000817b -1/-1 <IP> AutoIKE Active Down > Dialup_VPN 0000816d -1/-1 <IP> AutoIKE Active Down > Dialup_VPN 00008176 -1/-1 <IP> AutoIKE Active Down > Dialup_VPN 0000816b -1/-1 <IP> AutoIKE Active Down > Dialup_VPN 0000814b -1/-1 <IP> AutoIKE Active Down > Dialup_VPN 0000817a -1/-1 <IP> AutoIKE Active Down > Dialup_VPN 0000816a -1/-1 <IP> AutoIKE Active Down > > Where we see the tunnels are active but the link is down.. The users then > appear to be unable to reconnect. Is there a way to automatically flush the > credentials/sa etc so that when they disconnect they are able to log back in > again? Where can I go for trying to debug this stuff more easily? Any advice > would be really appreciated. > > Regards, > > Jimmy. > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp