We have configured a policy-based VPN on a Juniper 240h with a Cisco ASA, and we are facing a packet drop issue every 10 minutes.
Please help us to get rid of it.
Thanks & Regards,
When the peer is a non-Juniper device and a policy-based VPN is used, one needs to be very careful about how security policies with tunnel are configured on the SRX.
For every crypto map access list line on the Cisco ASA, there has to be a separate (mirrored) policy on the Juniper SRX so that the proxy-ids match exactly.
If a single policy has multiple source and/or destination addresses configured on the vSRX, the proxy-ids would mismatch when the SRX is the initiator.
This could also cause unstable SAs and rekeys, resulting in packet loss.
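One way to check the mirroring rule described in the answer above, as an added example that is not part of the original thread: the script compares ASA crypto ACL lines with SRX tunnel policies and reports policies that carry several addresses, plus ACL lines without a one-to-one mirrored policy. The sample configs, names and the `audit` helper are constructed for illustration, and the parser assumes plain `permit ip <net> <mask> <net> <mask>` ACL lines and named address-book entries.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample configs for illustration (not taken from the thread).
ASA_ACL = """\
access-list VPN-ACL extended permit ip 192.168.10.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list VPN-ACL extended permit ip 192.168.20.0 255.255.255.0 10.1.1.0 255.255.255.0
"""
SRX_SET = """\
set security zones security-zone trust address-book address LAN 10.1.1.0/24
set security zones security-zone untrust address-book address ASA-A 192.168.10.0/24
set security zones security-zone untrust address-book address ASA-B 192.168.20.0/24
set security policies from-zone trust to-zone untrust policy to-asa match source-address LAN
set security policies from-zone trust to-zone untrust policy to-asa match destination-address ASA-A
set security policies from-zone trust to-zone untrust policy to-asa match destination-address ASA-B
set security policies from-zone trust to-zone untrust policy to-asa then permit tunnel ipsec-vpn asa-vpn
"""

def asa_expected(text):
    """SRX-side (source, destination) pairs that mirror each ASA crypto ACL line."""
    pat = r"extended permit ip (\S+) (\S+) (\S+) (\S+)"
    net = lambda a, m: ipaddress.ip_network(f"{a}/{m}")
    return {(net(d, dm), net(s, sm)) for s, sm, d, dm in re.findall(pat, text)}

def srx_tunnel_policies(text):
    """Map policy name -> (sources, destinations) for policies that use a tunnel."""
    book = {n: ipaddress.ip_network(p)
            for n, p in re.findall(r"address-book address (\S+) (\S+)", text)}
    match, tunnel = defaultdict(lambda: ([], [])), set()
    for name, rest in re.findall(r" policy (\S+) (.+)", text):
        m = re.match(r"match (source|destination)-address (\S+)", rest)
        if m:
            # Index 0 collects sources, index 1 collects destinations.
            match[name][m.group(1) == "destination"].append(book[m.group(2)])
        elif rest.startswith("then permit tunnel ipsec-vpn"):
            tunnel.add(name)
    return {n: match[n] for n in tunnel}

def audit(asa_text, srx_text):
    """Return (policies with several addresses, ACL lines lacking a one-to-one mirror)."""
    policies = srx_tunnel_policies(srx_text)
    multi = sorted(n for n, (s, d) in policies.items() if len(s) > 1 or len(d) > 1)
    single = {(s[0], d[0]) for s, d in policies.values() if len(s) == 1 and len(d) == 1}
    return multi, sorted(asa_expected(asa_text) - single)

if __name__ == "__main__":
    print(audit(ASA_ACL, SRX_SET))
```

With the sample input, the single `to-asa` policy is flagged and both ACL lines are reported as unmirrored; splitting it into one policy per ACL line clears both findings.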
No, we have a different lifetime in Phase I & Phase II, as it should be different only, I believe.