Channel: All SRX Services Gateway posts

Re: No proposal chosen


Thanks a lot for your help.

I did change the things you've mentioned, but the result is as follows:


[Aug 25 10:53:26]ikev2_packet_allocate: Allocated packet d88800 from freelist
[Aug 25 10:53:56]P1 SA 4357381 timer expiry. ref cnt 2, timer reason Force delete timer expired (1), flags 0x0.
[Aug 25 10:53:56]IKE SA delete called for p1 sa 4357381 (ref cnt 3) local:2.2.2.2, remote:1.1.1.1, IKEv2
[Aug 25 10:53:56]P1 SA 4357381 reference count is not zero (1). Delaying deletion of SA
[Aug 25 10:53:56]iked_pm_p1_sa_destroy: p1 sa 4357381 (ref cnt 0), waiting_for_del 0xd6ad00
[Aug 25 10:53:56]iked_pm_ike_sa_delete_done_cb: For null p1 sa, status: Error ok
[Aug 25 10:53:56]iked_deferred_free_inactive_peer_entry: Free 1 peer_entry(s)
[Aug 25 10:54:26]ikev2_packet_allocate: Allocated packet d9dc00 from freelist

 

Here is the output I get for flow session:


root@sipsrx.ykt# run show security flow session
Session ID: 1, Policy name: N/A, Timeout: N/A, Valid
In: 1.1.1.1/0 --> 2.2.2.2/0;esp, If: fe-0/0/7.0, Pkts: 0, Bytes: 0

Session ID: 2, Policy name: N/A, Timeout: N/A, Valid
In: 1.1.1.1/0 --> 2.2.2.2/0;esp, If: fe-0/0/7.0, Pkts: 0, Bytes: 0

Session ID: 1912, Policy name: self-traffic-policy/1, Timeout: 24, Valid
In: 2.2.2.2/500 --> 1.1.1.1/500;udp, If: .local..0, Pkts: 1731, Bytes: 643932
Out: 1.1.1.1/500 --> 2.2.2.2/500;udp, If: fe-0/0/7.0, Pkts: 0, Bytes: 0

 

I tend to think that the problem is actually on the edge router between my SRX devices.

It's Windows Kerio.

It has IPsec, UDP 500 and UDP 4500 mapping from its external interface to the external interface of the SRX100 (2.2.2.2).

But as you can see in the flow session result, there is port 500, so NAT-T is not implemented?

Do I have to set up this Kerio NAT in some way for my SRX100?

