Hello,
I've got a bit of a situation with a Site to Site VPN between 2 Junos SRX100Bs. I'm seeing the SAs go up/down every couple of minutes, whereas the SA should expire after an hour or longer.
They were set up to be as simple as possible, as it was a bit of a rush job, which means that I've used the preset options for the negotiations to keep things as simple and basic as possible, and as such I would expect them to be stable.
However, I've found that there's a roughly 1.5% traffic loss over the VPN when running a ping every second for 1000 seconds both on the regular connection and over the VPN.
I cannot find a real reason as to why this would be, especially with such a basic setup, so I'm hoping that some of you might point me in the right direction or know of it.
The setup is as follows:

Remote Office 1:
  83.163.4.48
  vlan.0: 192.168.10.0/24

Remote Office 2:
  83.163.186.13
  vlan.0: 192.168.11.0/24

Datacenter where both offices connect to:
  87.233.229.66/26
  vlan.0: 172.16.229.65/26
  vlan.1: 172.16.2.1/24
  st0.0 172.16.229.68/26
  st0.1 172.16.229.69/24
  routes sending traffic for remote office 1 (192.168.10.0/24) to st0.0
  and likewise for remote office 2 to st0.1

I've used both Standard proposals for both IKE and IPsec and defined the remote public IPs as gateways.
The tunnel interfaces are also tied to a security zone and are allowing all traffic to go over the VPN, both ways.
I've also attached some 300 lines from the debug log and some kmd logs showing that the VPN goes up/down constantly, in case that might help with figuring out what's wrong.
Thanks in advance.