We have recently replaced a FortiGate firewall with a new Juniper SRX345. Networking-wise everything is working fine; however, we are getting issues with the VPN connection to a Cisco SA520W. The VPN was working fine on the FortiGate, and no changes were made at the Cisco end. The configuration is attached.
We see the tunnels coming up; however, we cannot reach the remote subnet. We also notice there are multiple IKE tunnels, where there should only be one. The tunnels sometimes keep adding up. Output attached.
We have also attached the logs. Any help/input would be appreciated. Thanks.
One thing I noticed is that I don't see any Out Pkts/Bytes in the flow sessions. Normal?
Afterwards I tried using traffic-selectors; however, it would not commit while VPN Monitoring is enabled, so I deleted monitoring and used traffic-selectors instead. I also removed the static route from the routing-options.
However, I still get the same results. I do see the route added to the routing table:
setarnoc@WEMA_DLI99046_Router> show route 192.168.7.254

inet.0: 63 destinations, 63 routes (63 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.7.0/24     *[Static/5] 00:01:30
                    > via st0.0

I'm beginning to think the issue might be with the ASA at the other end?