Pulse VPN for SRX disconnects randomly and prompts for user name and password again.
Pulse is disconnected on its own. It prompts for user name and password again. The Pulse VPN tunnel goes down and connectivity toward the remote network also fails.
In Windows system, with Pulse debug log, we can see the following log message sequence. These log messages are collected in detailed mode.
00179,09 2014/02/11 10:50:57.516 3 SYSTEM dsAccessService.exe dsTMService p0320 tD04 mLog.cpp:320 - 'TM' Phase 1 Session Soft Lifetime exceeded after 216 seconds REKEYING Phase 1 Session << IKE phase 1 soft life time expires 00210,09 2014/02/11 10:50:57.516 3 SYSTEM dsAccessService.exe dsTMService p0320 tD04 mLog.cpp:320 - 'TM' Starting Phase 1 for reason = 'p_10.10.10.10_1_4b4dcd0 IPSec Policy Group:p_10.10.10.10_1_4b4dcd0 IKE SA Rule' 00139,09 2014/02/11 10:50:57.516 3 SYSTEM dsAccessService.exe dsTMService p0320 tD04 mLog.cpp:320 - 'TM' --> SendInitialPacket Phase 1 packet ID=2 00148,09 2014/02/11 10:50:57.516 5 SYSTEM dsAccessService.exe dsTMService p0320 tD04 mLog.cpp:326 - 'TM' --> SEND IKE Message Size 360 to 10.10.10.10:4500 00165,09 2014/02/11 10:50:57.516 3 SYSTEM dsAccessService.exe dsTMService p0320 tD04 mLog.cpp:320 - 'TM' New Phase 1 Session (I) Created UID=00000002 with Peer UID=00000001 00188,09 2014/02/11 10:50:57.532 3 SYSTEM dsAccessService.exe dsTMService p0320 tC10 mLog.cpp:320 - 'TM' Phase 1 Session Complete Network Interface=00000001 Peer=00000001 Phase 1 Session=00000002 << Starting new IKE phase 1 00169,09 2014/02/11 10:50:57.548 3 SYSTEM dsAccessService.exe vpnAccessMethod p0320 t3DC vpnAccessInstance.cpp:738 - 'vpnAccessMethod' Requesting username/passcode for server 00163,09 2014/02/11 10:50:57.548 3 SYSTEM dsAccessService.exe vpnAccessMethod p0320 t3DC vpnAccessInstance.cpp:768 - 'vpnAccessMethod' Username/password request is xid 2 << To complete the Phase 1 Pulse prompting for user name and password 00134,09 2014/02/11 10:51:24.723 3 SYSTEM dsAccessService.exe dsTMService p0320 t7C4 mLog.cpp:320 - 'TM' Phase 1 Session Expired UID=00000002 00134,09 2014/02/11 10:51:24.723 3 SYSTEM dsAccessService.exe dsTMService p0320 t7C4 mLog.cpp:320 - 'TM' Phase 1 Session Deleted UID=00000002 << If user didn't enter user name and password, after hardlife time expire, phase 1 session get deleted
When the Pulse Dynamic VPN (DVPN) phase 1 (IKE) security association timer expires, it is mandatory to re-enter the username and password to reform a new IKE phase 1 session.
This is the reason Pulse VPN tunnel goes down and prompts for user name and password.