SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX to Anypoint VPN issue

    Posted 09-23-2021 16:16
    We're having an issue connecting to Mulesoft's Anypoint VPN for our cloud service.  We have followed all the parameters outlined in their documentation.  The VPN will come up initially, but at the end of the IPSEC lifetime, when the SRX goes to do the Phase 2 rekey, it errors out with "error code NO_PROPOSAL_CHOSEN received from peer".  At the end of the IKE lifetime, when Phase 1 goes to rekey, it comes back up and continues to work until the first Phase 2 rekey.  Mulesoft hasn't been much help in troubleshooting so far; they just point us to their documentation.  I also noticed that when I look at the IPSEC SA, it shows me port 4500 instead of port 500.

    The only thing I see in our logs is "Reason: Hard lifetime of IPSec SA expired" when the lifetime expires.  The no proposal chosen errors don't show up in the logs.  Has anyone experienced a similar issue?  It's just odd that it would work for an hour (3000 seconds is the defined lifetime), then not work until IKE Phase 1 restarts (28000 seconds).

    ------------------------------
    JIM MICKENS
    ------------------------------