Vanishing IPsec policy entries (SPD) with ipsec-tools (racoon) and SSG5

  • Hello,

    We’re currently running ipsec-tools-0.7 to set up an IPsec VPN tunnel between our Linux box and a Juniper SSG5 device.

    We can establish the tunnel just fine and pass traffic both ways; however, we are having an issue with the SPD entries on the Linux box just randomly disappearing, which results in traffic not being able to go out the tunnel. The tunnel still looks like it’s up, there’s nothing in the racoon.log to indicate the tunnel is going down, just looks like the policies are vanishing. This only happens every few days with no pattern that we can see and a restart of racoon is required to bring it back up.

    We’ve been unable to reproduce this problem – before I get into details of our configuration and that sort of thing, I was wondering if anyone had ever heard of the SPD entries disappearing like that? If so, any idea what could cause this?

    If someone’s able (and willing) to help, I can go into detail with our configuration and that sort of thing but I’m hoping to find out if someone’s at least heard of this before.

    We’re fairly certain the SSG5 isn’t causing the problem but we’re at the end of our rope here and figured it couldn’t hurt to ask some Juniper experts.