I check the different between 2 srx100, no differents. NAT is enable at ssg550 and SRX100 default enable NAT.
Lfetime settings on phase 2 also match between the SSG550 and SRX100. Phase2 message on ssg550 as follow.
| 2016-04-28 21:51:28 | info | Rejected an IKE packet on ethernet0/2 from 10.96.130.54:4500 to 122.248.120.169:4500 with cookies 30916cea8afaaae8 and 22fd4d8bb8a54dc8 because There was a preexisting session from the same peer. |
| 2016-04-28 21:51:28 | info | IKE 10.96.130.54 Phase 2 msg ID 408eb379: Responded to the peer's first message. |
| 2016-04-28 21:51:28 | info | IKE 10.96.130.54 Phase 1: Completed Aggressive mode negotiations with a 28800-second lifetime. |
| 2016-04-28 21:51:28 | info | IKE<10.96.130.54> Phase 1: IKE responder has detected NAT in front of the remote device. |
| 2016-04-28 21:51:28 | info | IKE 10.96.130.54 phase 1:The symmetric crypto key has been generated successfully. |
| 2016-04-28 21:51:28 | info | IKE 10.96.130.54 Phase 1: Responder starts AGGRESSIVE mode negotiations. |