Here are the show commands while the problem is occuring: [edit] Devin@SRX210-2# run show security ike security-associations Index Remote Address State Initiator cookie Responder cookie Mode 2 10.10.3.93 UP 94d52f1ff2bb4946 9c7f7d5dec2b8656 Main [edit] Devin@SRX210-2# run show security ike security-associations detail IKE peer 10.10.3.93, Index 2, Role: Responder, State: UP Initiator cookie: 94d52f1ff2bb4946, Responder cookie: 9c7f7d5dec2b8656 Exchange type: Main, Authentication method: Pre-shared-keys Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Lifetime: Expires in 27954 seconds Peer ike-id: 10.10.3.93 Xauth assigned IP: 0.0.0.0 Algorithms: Authentication : md5 Encryption : aes-cbc (256 bits) Pseudo random function: hmac-md5 Traffic statistics: Input bytes : 37884 Output bytes : 58008 Input packets: 228 Output packets: 523 Flags: Caller notification sent IPSec security associations: 149 created, 0 deleted Phase 2 negotiations in progress: 41 Negotiation type: Quick mode, Role: Responder, Message ID: 3899808667 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 2395592465 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 231362551 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 3213426843 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 4081384389 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 2034018454 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 1333012326 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 3466491344 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 1299157303 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 1421559469 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 893203115 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 626377081 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 907242481 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 281865556 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 2637425210 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 4022821992 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 1279602626 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 378666346 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 2592632658 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 4105436416 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 1204984065 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 3415696704 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 3973492141 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 1870667741 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 4251612407 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 1408910229 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 462316184 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 2069351492 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 1411738633 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 165107483 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 3261982734 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 1258813270 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 52983007 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 2833717742 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 3934373741 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 2014265658 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 17027965 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 3287564810 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 2433779282 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 3701272622 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 1083866453 Local: 10.10.3.89:500, Remote: 10.10.3.93:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done [edit] Devin@SRX210-2# run show security ipsec security-associations Total active tunnels: 1 ID Gateway Port Algorithm SPI Life:sec/kb Mon vsys <131074 10.10.3.93 500 ESP:3des/md5 fffe8a74 1794/ unlim - root >131074 10.10.3.93 500 ESP:3des/md5 f1a89e51 1794/ unlim - root <131074 10.10.3.93 500 ESP:3des/md5 4b5bf3f2 1798/ unlim - root >131074 10.10.3.93 500 ESP:3des/md5 c6992675 1798/ unlim - root [edit] Devin@SRX210-2# run show security ipsec security-associations detail Virtual-system: root Local Gateway: 10.10.3.89, Remote Gateway: 10.10.3.93 Local Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) DF-bit: clear Direction: inbound, SPI: fffe8a74, AUX-SPI: 0 , VPN Monitoring: - Hard lifetime: Expires in 1791 seconds Lifesize Remaining: Unlimited Soft lifetime: Expires in 1426 seconds Mode: tunnel, Type: dynamic, State: installed Protocol: ESP, Authentication: hmac-md5-96, Encryption: 3des-cbc Anti-replay service: counter-based enabled, Replay window size: 64 Direction: outbound, SPI: f1a89e51, AUX-SPI: 0 , VPN Monitoring: - Hard lifetime: Expires in 1791 seconds Lifesize Remaining: Unlimited Soft lifetime: Expires in 1426 seconds Mode: tunnel, Type: dynamic, State: installed Protocol: ESP, Authentication: hmac-md5-96, Encryption: 3des-cbc Anti-replay service: counter-based enabled, Replay window size: 64 Direction: inbound, SPI: 4b5bf3f2, AUX-SPI: 0 , VPN Monitoring: - Hard lifetime: Expires in 1795 seconds Lifesize Remaining: Unlimited Soft lifetime: Expires in 1470 seconds Mode: tunnel, Type: dynamic, State: installed Protocol: ESP, Authentication: hmac-md5-96, Encryption: 3des-cbc Anti-replay service: counter-based enabled, Replay window size: 64 Direction: outbound, SPI: c6992675, AUX-SPI: 0 , VPN Monitoring: - Hard lifetime: Expires in 1795 seconds Lifesize Remaining: Unlimited Soft lifetime: Expires in 1470 seconds Mode: tunnel, Type: dynamic, State: installed Protocol: ESP, Authentication: hmac-md5-96, Encryption: 3des-cbc Anti-replay service: counter-based enabled, Replay window size: 64 [edit] Devin@SRX210-2# run show security ipsec statistics ESP Statistics: Encrypted bytes: 77928 Decrypted bytes: 48636 Encrypted packets: 573 Decrypted packets: 579 AH Statistics: Input bytes: 0 Output bytes: 0 Input packets: 0 Output packets: 0 Errors: AH authentication failures: 0, Replay errors: 0 ESP authentication failures: 0, ESP decryption failures: 0 Bad headers: 0, Bad trailers: 0 Also show commands from the SRX240 (there seems to be an inordinate amount of SA's stuck in phase 2 negotiations): [edit] Devin@SRX240-1# run show security ike security-associations Index Remote Address State Initiator cookie Responder cookie Mode 2 10.10.3.89 UP 83fc758137e87094 9cb24edeea526d0c Main 1 10.10.3.89 UP 94d52f1ff2bb4946 9c7f7d5dec2b8656 Main [edit] Devin@SRX240-1# run show security ike security-associations detail IKE peer 10.10.3.89, Index 2, Role: Responder, State: UP Initiator cookie: 83fc758137e87094, Responder cookie: 9cb24edeea526d0c Exchange type: Main, Authentication method: Pre-shared-keys Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Lifetime: Expires in 27807 seconds Peer ike-id: 10.10.3.89 Xauth assigned IP: 0.0.0.0 Algorithms: Authentication : md5 Encryption : aes-cbc (256 bits) Pseudo random function: hmac-md5 Traffic statistics: Input bytes : 1136 Output bytes : 14280 Input packets: 7 Output packets: 179 Flags: Caller notification sent IPSec security associations: 2 created, 0 deleted Phase 2 negotiations in progress: 0 IKE peer 10.10.3.89, Index 1, Role: Initiator, State: UP Initiator cookie: 94d52f1ff2bb4946, Responder cookie: 9c7f7d5dec2b8656 Exchange type: Main, Authentication method: Pre-shared-keys Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Lifetime: Expires in 27854 seconds Peer ike-id: 10.10.3.89 Xauth assigned IP: 0.0.0.0 Algorithms: Authentication : md5 Encryption : aes-cbc (256 bits) Pseudo random function: hmac-md5 Traffic statistics: Input bytes : 66500 Output bytes : 44704 Input packets: 600 Output packets: 266 Flags: Caller notification sent IPSec security associations: 171 created, 342 deleted Phase 2 negotiations in progress: 41 Negotiation type: Quick mode, Role: Initiator, Message ID: 42987884 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 3107734189 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 3287564810 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 3213426843 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 1083866453 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 3650777495 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 2322575595 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 1333012326 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 3466491344 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 1299157303 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 1421559469 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 893203115 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 626377081 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 907242481 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 281865556 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 2637425210 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 4022821992 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 1279602626 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 31600661 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 941994459 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 3287085608 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 1106792890 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 2170990213 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 3583805485 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 1310023975 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 1148894335 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 2145766013 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 2461584001 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 1373331901 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 83712795 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 513472635 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 1661281310 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 472860363 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 3636847061 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 217034072 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 2014265658 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 17027965 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 231362551 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Initiator, Message ID: 2433779282 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 3701272622 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done Negotiation type: Quick mode, Role: Responder, Message ID: 3669645088 Local: 10.10.3.93:500, Remote: 10.10.3.89:500 Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Flags: Caller notification sent, Waiting for done [edit] Devin@SRX240-1# run show security ipsec security-associations Total active tunnels: 1 ID Gateway Port Algorithm SPI Life:sec/kb Mon vsys <131074 10.10.3.89 500 ESP:3des/md5 10c560af 1794/ unlim - root >131074 10.10.3.89 500 ESP:3des/md5 8bcf2205 1794/ unlim - root <131074 10.10.3.89 500 ESP:3des/md5 2acc8561 1797/ unlim - root >131074 10.10.3.89 500 ESP:3des/md5 eee5c0b6 1797/ unlim - root [edit] Devin@SRX240-1# run show security ipsec security-associations detail Virtual-system: root Local Gateway: 10.10.3.93, Remote Gateway: 10.10.3.89 Local Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) Remote Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) DF-bit: clear Direction: inbound, SPI: 10c560af, AUX-SPI: 0 , VPN Monitoring: - Hard lifetime: Expires in 1792 seconds Lifesize Remaining: Unlimited Soft lifetime: Expires in 1459 seconds Mode: tunnel, Type: dynamic, State: installed Protocol: ESP, Authentication: hmac-md5-96, Encryption: 3des-cbc Anti-replay service: counter-based enabled, Replay window size: 64 Direction: outbound, SPI: 8bcf2205, AUX-SPI: 0 , VPN Monitoring: - Hard lifetime: Expires in 1792 seconds Lifesize Remaining: Unlimited Soft lifetime: Expires in 1459 seconds Mode: tunnel, Type: dynamic, State: installed Protocol: ESP, Authentication: hmac-md5-96, Encryption: 3des-cbc Anti-replay service: counter-based enabled, Replay window size: 64 Direction: inbound, SPI: 2acc8561, AUX-SPI: 0 , VPN Monitoring: - Hard lifetime: Expires in 1795 seconds Lifesize Remaining: Unlimited Soft lifetime: Expires in 1416 seconds Mode: tunnel, Type: dynamic, State: installed Protocol: ESP, Authentication: hmac-md5-96, Encryption: 3des-cbc Anti-replay service: counter-based enabled, Replay window size: 64 Direction: outbound, SPI: eee5c0b6, AUX-SPI: 0 , VPN Monitoring: - Hard lifetime: Expires in 1795 seconds Lifesize Remaining: Unlimited Soft lifetime: Expires in 1416 seconds Mode: tunnel, Type: dynamic, State: installed Protocol: ESP, Authentication: hmac-md5-96, Encryption: 3des-cbc Anti-replay service: counter-based enabled, Replay window size: 64 [edit] Devin@SRX240-1# run show security ipsec statistics ESP Statistics: Encrypted bytes: 88128 Decrypted bytes: 53844 Encrypted packets: 648 Decrypted packets: 641 AH Statistics: Input bytes: 0 Output bytes: 0 Input packets: 0 Output packets: 0 Errors: AH authentication failures: 0, Replay errors: 0 ESP authentication failures: 0, ESP decryption failures: 0 Bad headers: 0, Bad trailers: 0