On 2/4/2012 7:23 AM, Loris Modenese wrote:
Hi Kevin, I can confirm what Gergely said. The problem it is related to the NAT-T and DPD code on both 2.1.7 and 2.2.0 versions. With NAT-T disabled or with a dial-up connection (public IP address) the link is stable. I've also notice that no matter the client it is configured (with or w/o DPD and different timeout) it keep on sending DPD every 30sec when NAT-T option is enabled for 10 times then it always disconnect (about 5-5.5 min). I tested the config with 4 SRX-240H, 1 SRX-210H and 3 SRX-100 running JunOS 10.4 with the same results.
Hmm, this doesn't sound good. Is the client initiating the DPD messages or responding to them ( or both )? Can you send me a sample of the log output with the IP addresses obscured? If the client is simply ignoring the DPD configuration option, that shouldn't be too hard to fix.
-Matthew _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
