Hi,

Lifetime is the same on both devices. It seems to be load related, because traffic forwarding dies if it gets too much traffic.

Thanks, I will try DPD and see if it makes any difference.

Regards
Johan

On Tue, Jan 3, 2012 at 11:34 AM, Humair Ali <humair.s....@gmail.com> wrote:

> Hi Johan
>
> I am guessing the 24hrs is also the lifetime of one of your phase 1 or
> phase 2?
>
> It could be a bug in that the Juniper is not rekeying the phase 1 or the
> phase 2 (although the SAs are up, the rekeying does not occur properly);
> this wouldn't be uncommon, especially when peering with a Cisco.
>
> Somehow one of the 2 ends is active (hence why the SA is UP) but the other
> end is not.
>
> Have you tried enabling DPD on the Juniper and Cisco ends? Maybe it will
> force the rekeying to occur between the 2.
>
> I know it is available in Netscreen but not sure about SRX, but I
> remember hearing so.
>
> On 3 January 2012 07:35, Johan Borch <johan.bo...@gmail.com> wrote:
>
>> Hi,
>>
>> I have an IPSEC tunnel between a Juniper SRX (policy based) running
>> 10.4R6.5 and a Cisco ASA 5510. The SAs are established, but about once
>> per 24 hours (but it can also work for days) the tunnel stops forwarding
>> traffic; the SAs are still established. Has anyone seen this behavior
>> before? The solution is to take the tunnel down and establish it again.
>>
>> Regards
>> Johan
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> --
> Humair