
SA time lifetime resets VPN tunnel between ASA and Juniper Netscreen

I have a L2L VPN tunnel from our ASA to a customer's Juniper Netscreen. The tunnel is up but whenever the SA time lifetime is reached, the tunnel resets itself (it drops the tunnel). It is able to re-establish itself automatically, but the customer is alerted by their monitoring processes whenever this happens.

The tunnel should remain on even when the SA lifetime is reached - especially since it is able to re-establish it. I've searched these forums and haven't seen a problem like this. We're running Cisco Adaptive Security Appliance Software Version 7.0(7).

We used to use VPN Concentrators but we have switched to ASA and I'm not that familiar so if someone has some troubleshooting steps, I'd appreciate it.


Re: SA time lifetime resets VPN tunnel between ASA and Juniper N

We are receiving "Initial-Contact" notifications at the 8-hour expiration of the lifetime value. This is why the sessions get dropped. This is not the normal Phase1 re-key process. On a normal Phase1 re-key, sessions will be maintained.

This is not seen on Netscreen to Netscreen VPN tunnels; nor is it seen on our tunnels to Cisco PIX firewalls at other locations.
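
One way to confirm from a decrypted IKEv1 capture whether a peer sent INITIAL-CONTACT, as the reply above describes, is to walk the ISAKMP payload chain and check each Notification payload's type. This is an added example, not code from either poster or from Cisco or Juniper; the payload layout and type numbers follow RFC 2408 and RFC 2407, and the sample bytes and helper names are constructed for illustration.

```python
import struct

NOTIFY = 11              # ISAKMP Notification payload type (RFC 2408)
IPSEC_DOI = 1            # RFC 2407
INITIAL_CONTACT = 24578  # IPsec DOI notify status type (RFC 2407)

def iter_notifies(first_type, data):
    """Walk a decrypted ISAKMP payload chain, yielding (doi, notify_type, spi)."""
    ptype, off = first_type, 0
    while ptype != 0:  # next-payload 0 ends the chain; trailing padding is ignored
        if off + 4 > len(data):
            raise ValueError("truncated generic payload header")
        next_type, _reserved, plen = struct.unpack_from("!BBH", data, off)
        if plen < 4 or off + plen > len(data):
            raise ValueError("bad payload length")
        if ptype == NOTIFY:
            if plen < 12:
                raise ValueError("notification payload too short")
            doi, _proto, spi_size, ntype = struct.unpack_from("!IBBH", data, off + 4)
            if 12 + spi_size > plen:
                raise ValueError("SPI overruns payload")
            yield doi, ntype, data[off + 12:off + 12 + spi_size]
        ptype, off = next_type, off + plen

def has_initial_contact(first_type, data):
    """True if the chain carries an IPsec-DOI INITIAL-CONTACT notification."""
    return any(doi == IPSEC_DOI and ntype == INITIAL_CONTACT
               for doi, ntype, _spi in iter_notifies(first_type, data))

def build_payload(next_type, body):
    """Helper for the constructed samples: prepend the generic payload header."""
    return struct.pack("!BBH", next_type, 0, 4 + len(body)) + body

def build_notify(ntype, spi, next_type=0):
    return build_payload(next_type,
                         struct.pack("!IBBH", IPSEC_DOI, 1, len(spi), ntype) + spi)

# Constructed samples (not captured traffic): HASH (type 8) followed by a Notification.
HASH = build_payload(NOTIFY, bytes(20))
WITH_IC = HASH + build_notify(INITIAL_CONTACT, bytes(16)) + bytes(4)  # 4 pad bytes
REKEY_ONLY = HASH + build_notify(24576, bytes(4))  # RESPONDER-LIFETIME (24576), no IC

if __name__ == "__main__":
    print(has_initial_contact(8, WITH_IC), has_initial_contact(8, REKEY_ONLY))
```

The first argument is the type of the first payload in the chain, which in a real capture comes from the Next Payload field of the ISAKMP header.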
