I'm having an issue with my Network Connect configuration when using ESP instead NCP/oNCP. If I enable Replay Protection the connection establishes using ESP but a couple of minutes later it fails back to NCP/oNCP. If I don't use Replay Protection I don't have the problem. I currently running 6.0R5 on an SA2000 box. The NCService.log is showing errors about the keep alive failing for the tunnel and then shows it switching to NCP mode. Before the keep alive error there are 30 or so errors similar to this one:
ipsec: packet 1 behind the window 793/FFFFFFFF, ignored
ipsec: Error decrypting packet
I haven't opened a case with Juniper support yet and was wondering if anyone else has run into this problem. It works as long as I don't use Replay Protection and I'm wondering why this would cause the problem.