10-22-2010 07:49 AM
while working on a vpn tunnel (from an srx210 to an srx240), we are migrating to a new isp on one side. simply changing the ike gateway remote address did not update the firewall to actually send ike packets to the new endpoint. i had to delete the ike gateway, ike policy, ipsec policy and ipsec vpn sections, commit and then rollback.
10-23-2010 07:03 AM
Uh clear security ike security-associatents might have done the trick.........