10-22-2010 07:49 AM
while working on a vpn tunnel (from an srx210 to an srx240), we are migrating to a new isp on one side. simply changing the ike gateway remote address did not update the firewall to actually send ike packets to the new endpoint. i had to delete the ike gateway, ike policy, ipsec policy and ipsec vpn sections, commit and then rollback.
10-23-2010 07:03 AM
Uh clear security ike security-associatents might have done the trick.........
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI
If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.