Hello,
I'm slowly getting my feet wet with JunOS as described in this earlier post:
Over the past week, I have successfully inserted an SRX between my SSG and the ISP's equipment.
At this time, the SRX purely performs 1-to-1 static NAT for the SSG.
Now I'm noticing that IPsec VPNs configured between the SSG and other ScreenOS appliances reconnected immediately.
However, VPNs configured between SSG and remote SRX devices take *forever* to reconnect/pass traffic. Like 15-20 agonizing minutes or more.
Barring any misconfigurations, the VPNs typically show as 'up' on the remote SRX side, as I'm initiating ping traffic from my SSG side.
As I frantically checked and re-checked the configs on both sides, I did notice that anytime I add or remove a proxy ID check on both sides, the VPN auto-magically starts passing traffic upon commit.
What gives?
Any insight would be appreciated.