Hi!

I set one IPSec VPN tunnel within a RB450G and a Juniper.

All seems to be configured correctly because when we start the tunnel all goes ok, we can connect to the server in the other part ... But when the phase 2 gets timeout-ed the tunnel seems to be broken.

After that moment on the MK there it's no phase 2 connection (RouterOs call they Installed SAs) but the phase 1 seems to be ok.

At that same moment on the Juniper part phase 2 and phase 1 are disconnected. Common sense should say Juniper should do the same as RouterOs, but I don't know which should be the official way to do IPSec VPNs.

I continue a bit more. So, in Juniper part all it's down. But in MK part the Phase 1 it's alive, and when it gets its timeout RouterOs seems to refresh it because I see the established time restart from 0. On Juniper part all it's down. I suppose Juniper it's not accepting it because the previous phase 1 was deleted so much time ago.

If I kill the Remote Peer (aka Phase 1 on RouterOs) the VPN starts perfectly and runs ok until phase 2 will timeout another time.

Any tip ?