10-17-2019 04:09 AM
I have a site to site VPN setup, the tunnel failed to come up when traffic initiated to my ASA. However if traffic initiated to the Juniper Netscreen the tunnel will come up and works as expected.
Sometimes if the Juniper end initiate connection the tunnel comes up with no traffic being encrypt and decrypt.
I have notice this error when configuring crypto map -
[IKEv1]Ignoring msg to mark SA with specified coordinates <outside_map, 1> dead
Also when debug is on I get this -
IPSEC INFO: Setting an IPSec timer of type Bad CTM Timer Type for 3600 seconds with a jitter value of 0
I have checked everywhere to understand what these means with no success.
Any help will be appreciated.
10-17-2019 04:52 AM
Hi,
Can you check Phase1 and Phase2 key life/timer at both ends? Try to match at both ends.
10-17-2019 05:08 AM
Thanks Deepak,
The lifetimer match on both end.
Regards
Ta
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide