07-30-2015 08:20 AM
Hi, we have configured a VPN site-to-site between Juniper SSG and PA3020. The tunnel is flapping up/down. The VPN is well-configured and we have configured VPN monitor with Rekey option in the SSG. How could we know why the tunnel is flapping all the time??? i attached the PA logs
2015-07-30 16:52:11 [PROTO_NOTIFY]: ====> PHASE-2 NEGOTIATION SUCCEEDED AS RESPONDER, (QUICK MODE) <====
====> Established SA: 116.x.x.x[500]-121.x.x.x[500] message id:0xF6C5386E, SPI:0xB9D02A28/0x598B9BDB <====
2015-07-30 16:52:11 [INFO]: SADB_UPDATE ul_proto=255 src=121.x.x.x[500] dst=116.x.x.x[500] satype=ESP samode=tunl spi=0xB9D02A28 authtype=SHA1 enctype=3DES lifetime soft time=3600 bytes=0 hard time=3600 bytes=0
2015-07-30 16:52:11 [INFO]: SADB_ADD ul_proto=255 src=116.x.x.x[500] dst=121.x.x.x[500] satype=ESP samode=tunl spi=0x598B9BDB authtype=SHA1 enctype=3DES lifetime soft time=3600 bytes=0 hard time=3600 bytes=0
2015-07-30 16:52:11 [INFO]: IPsec-SA established: ESP/Tunnel 121.x.x.x[500]->116.x.x.x[500][500] spi=3117427240(0xb9d02a28)
2015-07-30 16:52:11 [PROTO_NOTIFY]: ====> IPSEC KEY INSTALLATION SUCCEEDED <====
====> Installed SA: 116.x.x.x[500]-121.x.x.x[500] SPI:0xB9D02A28/0x598B9BDB lifetime 3600 Sec lifesize unlimited <====
2015-07-30 16:52:11 [INFO]: keymirror add start ++++++++++++++++
2015-07-30 16:52:11 [INFO]: keymirror add for gw e, tn 20, selfSPI B9D02A28, retcode 0.
[PROTO_NOTIFY]: ====> IPSEC KEY DELETED <====
