I've got 1 Cisco router and 2 Juniper SRX340s with VPNs between all three.
The Cisco-to-Juniper VPNs seem fine, but every few days it seems the VPN between the Junipers will stop sending traffic. When I look at 'show security ipsec security-associations', it still shows the tunnel, however. The only way I could get it to start sending traffic again was to either reboot the Juniper or remove it and add it back in.
I've just enabled DPD but I'm not sure this will fix it as I believe it just contacts the peer IP of the other side and this was always pinging fine during the stale session.
I've just found out about the command 'restart ipsec-key-management immediately', so I will try that if it does it again instead of having to completely remove the VPN, but I wondered if anyone had other advice to stop this happening at all?
Thanks