CCR1036 IPSec issues with Juniper ISG 2000

Hello,

my CCR1036 ist working since 8 weeks and still got one IPSek issue. Sometimes it is not possible to send data throught the established tunnel. The other end did not receive any data.

Normaly its enought to flush the installe SA but last week I have to reboot the Router… this is inside a production enviroment with 200 user not really cool.

Maybe someone can explain this statistiks?

in-state-protocol-errors: 16
in-state-sequence-errors: 2100
in-state-invalid: 63
out-no-states: 4
out-state-protocol-errors: 7
out-state-expired: 7

kind regards
Maedo

Hello,

I have a working IPSec Tunnel but sometimes, in this case after 29 days, no traffic goes through the established tunnel
I have no error message inside the ipsec debug log

Here is what I did today before I restart the CCR…

I flushed the installed SAs several times
I killed the connected Peer several times
I disabled the src nat rules and also I disabled the internal and external interface

suggestions where to research for this issues are welcome.

kind regards
Maedo