[strongSwan] Netscreen 5GT & StrongSwan 5.x
Brian Fernald
bfernald at econtinuity.net
Tue Nov 13 05:39:24 CET 2012
Hi -
We have a Netscreen 5GT successfully establishing a VPN with StrongSwan 5.0.0 .. Nothing fancy , PSK … Proxy-ID , etc.. However, we see an odd behavior that we only see between Netscreen & StrongSwan. The tunnel will drop after a period of time when there is no traffic (which is fine), but then, traffic generated from the Netscreen side of the VPN will not bring the tunnel back up. Traffic generated from the Strongswan side will immediately cause the tunnel to come back up. At that point, traffic works in both directions again.
Any ideas why we would see that sort of behavior ?
The strongswan config is basic:
keyexchange=ikev1
leftsubnet=11.1.1.0/23
leftid=123.12.12.185
right=23.123.123.12
rightid=23.123.123.12
rightsubnet=192.168.1.0/24
ike=aes128-sha1-modp1024
esp=aes128-sha1-modp1024
authby=secret
type=tunnel
auto=start
Curious if others have seen this and/or have an idea of why a perfectly working tunnel can go down, then only be re-established from one end.
Thanks!
Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121113/eb7af534/attachment.html>
More information about the Users
mailing list