I'd like to clarify a few things: one of my clients has configured a route-based VPN from an SRX1400 to a VSAT modem. Behind the SRX1400 there are servers connected, and after the VSAT modem there is the end device.
There are a number of tunnels configured to different locations. What I have seen is that the VPN works great for traffic coming from a particular server, and for the other server there is an issue. If the remote end device powers off and comes back up, the IPsec should also come up. But what I have seen on the SRX is that it shows IPsec is up, but from the server LAN I am unable to ping the remote end device and it is offline.
So is there anything related to ALG here? I have seen many times that ALG blocks traffic. Also, I have checked one PR for the version of SRX running at the customer's place. The PR is attached in the PDF.
That I understand; to recover from the issue, I have to restart the device connected to the VSAT modem a couple of times, then in some cases it works, and in some other cases we have to disable IPsec on the VSAT and the SRX and then start the device connected to the VSAT; it works fine without IPsec, and then we re-enable IPsec on both sites.
We did check traceoptions on the SRX, but it was not useful.
Another question: if it is pass-through traffic as well, when a bit of traffic is coming from the other end to the SRX, it will follow the traffic rules to forward it, in which, if it is a first packet, check zone, policy, NAT and ALG also. So if ALG is enabled, then how will it treat it? I have seen something saying that ike-esp will open a gate, etc. Could you explain this to me?