Hi All,
Currently my SRX has an IPsec point-to-point tunnel to a Fortinet. The issue is that every 7 days traffic stops going through the IPsec tunnel even though the tunnel is not down. Usually I need to clear the IPsec tunnel, and then traffic flows through the tunnel again. Below is my config; hopefully someone can tell me if something in my config is wrong that makes it behave like that.
{primary:node0}
test@FW01> show configuration security ike
proposal VPN-IKE {
    authentication-method pre-shared-keys;
    dh-group group5;
    authentication-algorithm sha-256;
    encryption-algorithm aes-128-cbc;
    lifetime-seconds 86400;
}
policy VPN-POLICY {
    mode main;
    proposals VPN-IKE;
    pre-shared-key ascii-text "$xxxxxxxxxxxxxx"; ## SECRET-DATA
}
gateway VPN-GATEWAY {
    ike-policy VPN-POLICY;
    address xxx.xxx.xxx.xxx;
    dead-peer-detection {
        interval 10;
        threshold 1;
    }
    nat-keepalive 10;
    external-interface reth1.180;
}
{primary:node0}
test@FW01> show configuration security ipsec
proposal IPSEC-PROPOSAL {
    protocol esp;
    authentication-algorithm hmac-sha1-96;
    encryption-algorithm aes-128-cbc;
    lifetime-seconds 43200;
}
policy IPSEC-POLICY {
    perfect-forward-secrecy {
        keys group5;
    }
    proposals IPSEC-PROPOSAL;
}
vpn IPSEC-VPN {
    bind-interface st0.1;
    ike {
        gateway VPN-GATEWAY;
        proxy-identity {
            local xx.xx.xx.xx;
            remote xx.xx.xx.xx;
            service any;
        }
        ipsec-policy IPSEC-POLICY;
    }
    establish-tunnels immediately;
}
Thanks, and I appreciate any feedback.
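The checks a practitioner runs first against a config like the one above, as an added example that is not part of the original post and not Juniper or Fortinet code: parse the Junos brace-style output, pull out the IKE and IPsec lifetimes, DPD settings, PFS group and proxy-IDs, and compare the lifetimes with the values configured on the peer. A tunnel that periodically shows "up" but passes no traffic until the SAs are cleared is usually a rekey-time disagreement, so the first thing to confirm is that both ends agree on phase 1/phase 2 lifetimes and selectors. The `PEER_P1_LIFETIME` and `PEER_P2_LIFETIME` values are hypothetical placeholders for the FortiGate phase1/phase2 keylife; the `check_tunnel_config` and `parse_junos` names are this example's own.

```python
# Added example, not from the original post. Parses the SRX IKE/IPsec config
# posted above and flags the settings to compare against the Fortinet side.

# Constructed copy of the posted configuration (secret and addresses elided
# exactly as in the post).
SRX_IKE = """\
proposal VPN-IKE {
    authentication-method pre-shared-keys;
    dh-group group5;
    authentication-algorithm sha-256;
    encryption-algorithm aes-128-cbc;
    lifetime-seconds 86400;
}
policy VPN-POLICY {
    mode main;
    proposals VPN-IKE;
    pre-shared-key ascii-text "$xxxxxxxxxxxxxx"; ## SECRET-DATA
}
gateway VPN-GATEWAY {
    ike-policy VPN-POLICY;
    address xxx.xxx.xxx.xxx;
    dead-peer-detection {
        interval 10;
        threshold 1;
    }
    nat-keepalive 10;
    external-interface reth1.180;
}
"""

SRX_IPSEC = """\
proposal IPSEC-PROPOSAL {
    protocol esp;
    authentication-algorithm hmac-sha1-96;
    encryption-algorithm aes-128-cbc;
    lifetime-seconds 43200;
}
policy IPSEC-POLICY {
    perfect-forward-secrecy {
        keys group5;
    }
    proposals IPSEC-PROPOSAL;
}
vpn IPSEC-VPN {
    bind-interface st0.1;
    ike {
        gateway VPN-GATEWAY;
        proxy-identity {
            local xx.xx.xx.xx;
            remote xx.xx.xx.xx;
            service any;
        }
        ipsec-policy IPSEC-POLICY;
    }
    establish-tunnels immediately;
}
"""

# Hypothetical FortiGate phase1/phase2 keylife values; read the real ones
# from the FortiGate's "config vpn ipsec phase1-interface" / "phase2-interface".
PEER_P1_LIFETIME = 86400
PEER_P2_LIFETIME = 3600


def parse_junos(text):
    """Parse Junos curly-brace config into nested dicts.
    'proposal X {' becomes key 'proposal X'; 'key value;' becomes {'key': 'value'}.
    Trailing '## SECRET-DATA' style annotations are dropped."""
    root, stack = {}, [{}]
    root = stack[0]
    for raw in text.splitlines():
        line = raw.split("##")[0].strip()
        if not line:
            continue
        if line.endswith("{"):
            node = {}
            stack[-1][line[:-1].strip()] = node
            stack.append(node)
        elif line == "}":
            stack.pop()
        elif line.endswith(";"):
            key, _, val = line[:-1].partition(" ")
            stack[-1][key] = val.strip()
    return root


def _first(cfg, prefix):
    """Return the first block whose header starts with prefix (e.g. 'proposal ')."""
    return next(v for k, v in cfg.items() if k.startswith(prefix))


def rekeys_in(period_seconds, lifetime_seconds):
    """How many SA rekeys a lifetime produces inside a period. A whole number
    means the observed failure interval sits on a rekey boundary."""
    return period_seconds / lifetime_seconds


def check_tunnel_config(ike_text, ipsec_text, peer_p1, peer_p2):
    """Extract the negotiated parameters and return findings worth comparing
    against the peer. Findings are things to verify, not a diagnosis."""
    ike, ipsec = parse_junos(ike_text), parse_junos(ipsec_text)
    ike_life = int(_first(ike, "proposal ")["lifetime-seconds"])
    ipsec_life = int(_first(ipsec, "proposal ")["lifetime-seconds"])
    dpd = _first(ike, "gateway ").get("dead-peer-detection", {})
    pfs = _first(ipsec, "policy ").get("perfect-forward-secrecy", {}).get("keys")
    proxy_id = _first(ipsec, "vpn ")["ike"].get("proxy-identity", {})

    findings = []
    if ike_life != peer_p1:
        findings.append(f"IKE lifetime {ike_life}s != peer phase1 {peer_p1}s")
    if ipsec_life != peer_p2:
        findings.append(f"IPsec lifetime {ipsec_life}s != peer phase2 {peer_p2}s")
    if ipsec_life >= ike_life:
        findings.append("IPsec lifetime is not shorter than IKE lifetime")
    if dpd and int(dpd.get("threshold", 5)) <= 1:
        findings.append("DPD threshold 1: one unanswered probe declares the peer dead")
    if pfs is None:
        findings.append("no PFS group: peer must also have PFS disabled")
    return {"ike_lifetime": ike_life, "ipsec_lifetime": ipsec_life, "dpd": dpd,
            "pfs_group": pfs, "proxy_id": proxy_id, "findings": findings}


if __name__ == "__main__":
    for f in check_tunnel_config(SRX_IKE, SRX_IPSEC,
                                 PEER_P1_LIFETIME, PEER_P2_LIFETIME)["findings"]:
        print(f)
```

On the box, the values to compare at the next failure come from `show security ike security-associations detail` and `show security ipsec security-associations detail` (SA lifetimes remaining and SPIs on both ends), together with `show security ipsec statistics` to see whether ESP packets are still being sent and received while the tunnel reports up.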