SA time lifetime resets VPN tunnel between ASA and Juniper Netscreen

rimbertr1
Level 1

I have an L2L VPN tunnel from our ASA to a customer's Juniper Netscreen. The tunnel is up but whenever the SA time lifetime is reached, the tunnel resets itself (it drops the tunnel). It is able to re-establish itself automatically, but the customer is alerted by their monitoring processes whenever this happens.

The tunnel should remain on even when the SA lifetime is reached - especially since it is able to re-establish it. I've searched these forums and haven't seen a problem like this. We're running Cisco Adaptive Security Appliance Software Version 7.0(7).

We used to use VPN Concentrators but we have switched to ASA and I'm not that familiar, so if someone has some troubleshooting steps, I'd appreciate it.

1 Reply

htarra
Level 4

We are receiving "Initial-Contact" Notifications at the 8-hour expiration of the lifetime value. This is why the sessions get dropped. This is not the normal Phase1 re-key process. On a normal Phase1 re-key, sessions will be maintained.

This is not seen on Netscreen to Netscreen VPN tunnels; nor is it seen on our tunnels to Cisco PIX firewalls at other locations.
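
The Initial-Contact notification named in the reply above, as an added example (not part of the original thread, and not Cisco or Juniper code): a parser for a decrypted IKEv1 Notification payload laid out per RFC 2408 section 3.14, using the IPsec DOI notify types from RFC 2407, that flags the one type a receiver may answer by deleting the SAs it already holds for the peer. The function names and sample bytes are constructed for illustration.

```python
import struct

IPSEC_DOI = 1  # Domain of Interpretation value for IPsec (RFC 2407)
# Status notify message types defined by the IPsec DOI (RFC 2407, section 4.6.3)
NOTIFY_NAMES = {
    24576: "RESPONDER-LIFETIME",
    24577: "REPLAY-STATUS",
    24578: "INITIAL-CONTACT",
}
HEADER = struct.Struct("!BBHIBBH")  # fixed 12-byte part of the payload


def parse_notify(payload: bytes) -> dict:
    """Parse one decrypted ISAKMP Notification payload."""
    if len(payload) < HEADER.size:
        raise ValueError("shorter than the 12-byte fixed header")
    _next, _reserved, length, doi, proto, spi_size, ntype = HEADER.unpack_from(payload)
    if length < HEADER.size + spi_size or length > len(payload):
        raise ValueError("payload length field does not match the data")
    spi_end = HEADER.size + spi_size
    return {
        "doi": doi,
        "protocol_id": proto,
        "type": ntype,
        "name": NOTIFY_NAMES.get(ntype, "UNKNOWN"),
        "spi": payload[HEADER.size:spi_end],
        "data": payload[spi_end:length],
    }


def may_trigger_sa_teardown(notify: dict) -> bool:
    """True for INITIAL-CONTACT: the receiver may delete the SAs it already
    holds for the sender, which is the tunnel drop seen at lifetime expiry."""
    return notify["doi"] == IPSEC_DOI and notify["name"] == "INITIAL-CONTACT"


def build_sample(ntype: int, spi: bytes, data: bytes = b"") -> bytes:
    """Constructed test input, not a capture from a real device."""
    length = HEADER.size + len(spi) + len(data)
    return HEADER.pack(0, 0, length, IPSEC_DOI, 1, len(spi), ntype) + spi + data


# Constructed samples: the SPI of INITIAL-CONTACT is the two 8-byte IKE cookies.
SAMPLE_INITIAL_CONTACT = build_sample(24578, bytes(range(16)))
SAMPLE_RESPONDER_LIFETIME = build_sample(24576, bytes(range(16)), b"\x00" * 8)

if __name__ == "__main__":
    for raw in (SAMPLE_INITIAL_CONTACT, SAMPLE_RESPONDER_LIFETIME):
        n = parse_notify(raw)
        print(n["name"], "-> may drop existing SAs:", may_trigger_sa_teardown(n))
```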
