Problem Overview
Juniper / NetScreen devices may not correctly handle multiple IPsec proposals sent to them when IKEv2 (IKE version 2) is used for a static LAN-to-LAN IPsec VPN tunnel.
Symptom
The IKEv2 and IPsec tunnels will come up successfully but data will NOT flow.
Condition
The problem is seen when the Cisco device initiates the IKEv2 connection, but not when the Juniper device initiates it.
Workaround
1) The current workaround is to configure only a single IPsec proposal on the Cisco device for the static crypto map that points to the Juniper peer.
2) The other workaround is to order the proposals on the Cisco device so that the last proposal is the one that matches the Juniper peer.
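
To find crypto map entries that still need one of the two workarounds, a configuration can be audited offline. The script below is an added example, not code from the original note or from either vendor. It assumes Cisco ASA-style `crypto map` syntax (the note does not name the Cisco platform), and the peer addresses, proposal names and the `audit` function are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample config in ASA-style syntax (an assumption; the note does
# not name the platform). Peer addresses are from documentation ranges.
SAMPLE_CONFIG = """\
crypto map outside_map 10 match address VPN_JUNIPER_A
crypto map outside_map 10 set peer 203.0.113.10
crypto map outside_map 10 set ikev2 ipsec-proposal AES256-SHA AES128-SHA
crypto map outside_map 20 set peer 203.0.113.20
crypto map outside_map 20 set ikev2 ipsec-proposal AES128-SHA AES256-SHA
crypto map outside_map 30 set peer 203.0.113.30
crypto map outside_map 30 set ikev2 ipsec-proposal AES256-SHA
crypto map outside_map 40 set peer 198.51.100.5
crypto map outside_map 40 set ikev2 ipsec-proposal AES256-SHA AES128-SHA
"""

LINE = re.compile(r"^crypto map (\S+) (\d+) set (peer|ikev2 ipsec-proposal) (.+)$")


def audit(config, juniper_peers):
    """juniper_peers maps a peer IP to the proposal name that peer accepts.
    Returns {(map_name, seq): status} for entries that point at those peers."""
    entries = defaultdict(lambda: {"peers": [], "proposals": []})
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # other crypto map lines (match address, etc.)
        name, seq, kind, rest = m.groups()
        field = "peers" if kind == "peer" else "proposals"
        entries[(name, int(seq))][field] = rest.split()

    results = {}
    for key, entry in entries.items():
        wanted = {juniper_peers[p] for p in entry["peers"] if p in juniper_peers}
        if not wanted:
            continue  # entry does not point at a Juniper peer
        props = entry["proposals"]
        if len(props) == 1 and props[0] in wanted:
            results[key] = "single"          # workaround 1 applied
        elif len(props) > 1 and props[-1] in wanted:
            results[key] = "matching-last"   # workaround 2 applied
        else:
            results[key] = "at-risk"         # tunnel may come up without passing data
    return results


if __name__ == "__main__":
    peers = {ip: "AES256-SHA" for ip in ("203.0.113.10", "203.0.113.20", "203.0.113.30")}
    for (name, seq), status in sorted(audit(SAMPLE_CONFIG, peers).items()):
        print(f"{name} {seq}: {status}")
```
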