Juniper / Netscreen devices may not correctly handle multiple IPsec proposals that are sent to it when using IKEV2 (ike version 2) for a static LAN to LAN ipsec VPN tunnel.
The IKEv2 and IPsec tunnels will come up successfully but data will NOT flow.
Seen if the Cisco device initiates the connection but not if the Juniper initiates the IKEv2 connection.
1) The current workaround that could be used is to only configure a single IPsec proposal on the Cisco device for the static crypto map that is configured to a Juniper peer.
2) The other workaround is to configure the Cisco device in such a order that the last proposal is the one that matches with Juniper peer.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: