SRX




  • 1.  SRX to Anypoint VPN issue

    Posted 24 days ago
    We're having an issue connecting to MuleSoft's Anypoint VPN for our cloud service. We have followed all the parameters outlined in their documentation. The VPN will come up initially, but at the end of the IPSEC lifetime, when the SRX goes to do the Phase 2 rekey, it errors out with "error code NO_PROPOSAL_CHOSEN received from peer". At the end of the IKE lifetime, when Phase 1 goes to rekey, it comes back up and continues to work until the first Phase 2 rekey. MuleSoft hasn't been much help in troubleshooting so far; they just point us to their documentation. I also noticed that when I look at the IPSEC SA, it shows me port 4500 instead of port 500.

    The only thing I see in our logs is "Reason: Hard lifetime of IPSec SA expired" when the lifetime expires. The "no proposal chosen" errors don't show up in the logs. Has anyone experienced a similar issue? It's just odd that it would work for an hour (3000 seconds is the defined lifetime), then not work until IKE Phase 1 restarts (28000 seconds).

    ------------------------------
    JIM MICKENS
    ------------------------------