IPsec SA expired (LATEST!)


My tunnel keeps going down frequently with the following error message:

I tried 1.0.5 and 1.1.3 versions.

Here is the relevant IPSec configuration.

esp-group ESP {
    compression disable
    lifetime 3600
    mode tunnel
    pfs enable
    proposal 1 {
        encryption aes128
            hash sha1

ike-group IKE {
    dead-peer-detection {
        action restart
        interval 15
        timeout 45
    lifetime 28800
    proposal 1 {
        dh-group 2
        encryption aes128
        hash sha1

Any one have clues? I don’t have access to the logs from the other end of the site-to-site tunnel.



Is the lifetime the same on the other side of the tunnel?



You must configure identically phase 1 and 2 witch both side.

Anyway in my envinorment i have same problem. Check this topic: