Channel: All SRX Services Gateway posts

Re: IPsec Phase II SA active but not Phase I SA


Hi,

The Phase 1 and Phase 2 have different lifetimes.

When the Phase 1 lifetime expires, re-negotiation for Phase 1 is initiated automatically.

In your situation, it is possible that the renegotiation for Phase 1 was not completed successfully for some reason and hence the Phase 1 is not seen.

Even in such a situation, the SRX did not delete the phase 2 SAs, hence your traffic is flowing without any issues.

This is a bad situation to be in if there is some issue with the Phase 1 negotiation of the tunnel.

I would suggest that you deactivate/activate the "security ipsec vpn" and "security ike gateway" configuration specific to this VPN tunnel and then check if they are negotiated again.

#deactivate security ike gateway <name>
#deactivate security ipsec vpn <name>
#commit

Check if both the Phase 1 and 2 are down.

#rollback 1
#commit

Alternatively, if you do not want to bring the tunnel down, please enable ike traceoptions and share the debugs:

#set security ike traceoptions file test1 size 2m
#set security ike traceoptions flag all
#commit
>request security ike debug-enable local 1.1.1.1 remote 2.2.2.2 level 12

Make sure to delete the traceoptions after collecting the output from the file "test1".

Regards,

Sahil Sharma

---------------------------------------------------

Please mark my solution as accepted if it helped, Kudos are appreciated as well.
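The condition this reply describes (Phase 2 SAs still active for a gateway that has no Phase 1 SA) can be checked from saved CLI output before deciding whether to bounce the tunnel. The script below is an added example, not part of the original post; it assumes the column layout of "show security ike security-associations" and "show security ipsec security-associations" shown in its constructed sample text, which may differ between Junos releases.

```python
import re

# Constructed sample output, modelled on the layout of the Junos
# "show security ike security-associations" and
# "show security ipsec security-associations" commands (an assumption
# about the column layout; real output varies by release).
IKE_SA_OUTPUT = """\
Index   State  Initiator cookie  Responder cookie  Mode  Remote Address
1234567 UP     2c5f1a9e7b3d4f60  9a1b2c3d4e5f6071  Main  203.0.113.10
"""
IPSEC_SA_OUTPUT = """\
  Total active tunnels: 2
  ID    Algorithm       SPI      Life:sec/kb  Mon lsys Port  Gateway
  <131073 ESP:aes-cbc-256/sha1 3a1f20c4 2870/ unlim - root 500 203.0.113.10
  >131073 ESP:aes-cbc-256/sha1 7b9e3d11 2870/ unlim - root 500 203.0.113.10
  <131074 ESP:aes-cbc-256/sha1 0c4d5e6f 1204/ unlim - root 500 198.51.100.7
  >131074 ESP:aes-cbc-256/sha1 f6e5d4c3 1204/ unlim - root 500 198.51.100.7
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def ike_peers_up(text):
    """Remote addresses that currently have an IKE (Phase 1) SA in state UP."""
    peers = set()
    for line in text.splitlines():
        fields = line.split()
        # Data rows: index, state, two cookies, mode, remote address.
        if len(fields) >= 6 and fields[1] == "UP" and re.fullmatch(IPV4, fields[-1]):
            peers.add(fields[-1])
    return peers

def ipsec_peers(text):
    """Mapping gateway -> set of IPsec (Phase 2) SA IDs seen for that gateway."""
    peers = {}
    for line in text.splitlines():
        # Each direction of a tunnel is one row, prefixed with < or >.
        m = re.match(rf"\s*[<>](\d+)\s+ESP:\S+.*\s({IPV4})\s*$", line)
        if m:
            peers.setdefault(m.group(2), set()).add(m.group(1))
    return peers

def orphaned_phase2(ike_text, ipsec_text):
    """Gateways with active Phase 2 SAs but no UP Phase 1 SA: the situation in
    the thread, where traffic still flows but no IKE SA exists to re-key."""
    up = ike_peers_up(ike_text)
    return {gw: sorted(ids) for gw, ids in ipsec_peers(ipsec_text).items() if gw not in up}

if __name__ == "__main__":
    for gw, ids in orphaned_phase2(IKE_SA_OUTPUT, IPSEC_SA_OUTPUT).items():
        print(f"gateway {gw}: Phase 2 SA(s) {ids} active with no Phase 1 SA")
```

Feed it the two command outputs captured from the device; any gateway it reports is a candidate for the deactivate/rollback sequence or the traceoptions capture described above.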
