<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>IPSec config problem</TITLE>
<META content="MSHTML 6.00.2800.1170" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=178134614-11082003><FONT face=Verdana color=#000080 size=2>Hi
Mario</FONT></SPAN></DIV>
<DIV><SPAN class=178134614-11082003><FONT face=Verdana color=#000080
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=178134614-11082003><FONT face=Verdana color=#000080
size=2>Thanks for the feedback.</FONT></SPAN></DIV>
<DIV><SPAN class=178134614-11082003><FONT face=Verdana color=#000080
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=178134614-11082003><FONT face=Verdana color=#000080 size=2>This
is the problem I am facing. As you said when I do a show version brief, it DOES
NOT show me Jcrypto on the "faulty" routing engine but shows me Jcrypto on the
live routing engine.</FONT></SPAN></DIV>
<DIV><SPAN class=178134614-11082003><FONT face=Verdana color=#000080
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=178134614-11082003><FONT face=Verdana color=#000080 size=2>I am
validating the current software config on BOTH the routing engines against the
SAME code base under the /var/tmp directory as mentioned below. It validates
correctly on one, but does not validate on the other.</FONT></SPAN></DIV>
<DIV><SPAN class=178134614-11082003><FONT face=Verdana color=#000080
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=178134614-11082003><FONT face=Verdana color=#000080 size=2>Any
inputs would be much appreciated.</FONT></SPAN></DIV>
<DIV><SPAN class=178134614-11082003><FONT face=Verdana color=#000080
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=178134614-11082003><FONT face=Verdana color=#000080 size=2>//
Bosco</FONT></SPAN></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> MPuras@solunet.com
[mailto:MPuras@solunet.com]<BR><B>Sent:</B> Monday, August 11, 2003 8:16
PM<BR><B>To:</B> Bosco Sachanandani;
juniper-nsp@puck.nether.net<BR><B>Subject:</B> RE: [j-nsp] IPSec config
problem<BR><BR></FONT></DIV>
<DIV><SPAN class=842414014-11082003><FONT face=Arial color=#0000ff
size=2>Bosco,</FONT></SPAN></DIV>
<DIV><SPAN class=842414014-11082003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842414014-11082003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842414014-11082003><FONT face=Arial color=#0000ff size=2>You
certainly do need "domestic" in order to have Jcrypto which is needed for
IPSec. Export version does not have jcrypto. Regardless of what is
on the /var/tmp/ directory can you issue the command "show version brief" on
both RE and see if you have the jcrypto package installed?
</FONT></SPAN></DIV>
<DIV> </DIV><FONT face=Arial size=2></FONT><BR>
<P><FONT face=Arial size=4>Thanks,</FONT> </P>
<P><FONT face=Arial size=4>Mario Puras</FONT> <BR><B><FONT face=Arial
color=#ff0000 size=4>S</FONT><FONT face=Arial size=4>olu</FONT><FONT
face=Arial color=#ff0000 size=4>N</FONT></B><FONT face=Arial size=4>et
Technical Support</FONT><FONT face=Arial><BR></FONT><FONT
face="Times New Roman" size=4>Mailto:
mpuras@solunet.com<U></U></FONT><U><BR></U><FONT face=Arial size=2>Direct:
(321) 309-1410 </FONT> <BR><FONT face=Arial size=2>888.449.5766 (USA) /
888.SOLUNET (Canada) </FONT></P>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Bosco Sachanandani
[mailto:Bosco.Sachanandani@orange.co.in]<BR><B>Sent:</B> Sunday, August 10,
2003 11:52 PM<BR><B>To:</B> juniper-nsp@puck.nether.net<BR><B>Subject:</B>
[j-nsp] IPSec config problem<BR><B>Importance:</B> High<BR><BR></FONT></DIV><!-- Converted from text/rtf format -->
<P><FONT face=Verdana color=#000000 size=2>Hi Team</FONT> </P>
<P><FONT face=Verdana color=#000000 size=2>Dunno if I am facing a strange
problem or whether I have missed out on a step. I need to be sure of this
before I raise a TAC with Juniper local support (who I may add are pretty
lousy!)</FONT></P>
<P><FONT face=Verdana color=#000000 size=2>Can anyone tell me what is the
code base that you loaded on the Juniper for IPSec support (Jcrypto)?</FONT>
</P>
<P><FONT face=Verdana color=#000000 size=2>You see I can see the crypto code
base only on one routing engine and not on the other. The software bundle on
routing engine 0 and 1 under /var/tmp is
jbundle-5.5R3.1-export-signed.tgz</FONT></P>
<P><FONT face=Verdana color=#000000 size=2>When I issue the command
</FONT></P>
<P><FONT face=Verdana color=#000000 size=2>superuser@lab-re1> request
system software validate /var/tmp/jbundle-5.5R3.1-export-signed.tgz</FONT>
</P>
<P><FONT face=Verdana color=#000000 size=2>it DOES NOT validate the
configuration against the jcrypto code base on routing engine 1 but it does
on routing engine 0. The file size of the jbundle loaded on both
routing-engines is identical. Hence I cannot seem to figure out where the
problem is.</FONT></P>
<P><FONT face=Verdana color=#000000 size=2>As a result, re0 has the IPSec
configuration (currently the master) but re1 does not. When I do a commit
sync from the routing engine where I can see the IPSec config under the
security hierarchy, it does not return any errors.</FONT></P>
<P><FONT face=Verdana color=#000000 size=2>Couple of additional
things:</FONT> </P>
<P><FONT face=Verdana color=#000000 size=2>1) I was basically trying to set
the craft interface display when this problem started and a routing engine
fail over occurred. This is really strange since I expect a M20 to be more
stable!</FONT></P>
<P><FONT face=Verdana color=#000000 size=2>2) Due to this I had to restart
the routing engine with the above given code base.</FONT> </P>
<P><FONT face=Verdana color=#000000 size=2>3) On the routing engine where I
cannot see any entries under the EDIT SECURITY tab, I can see the
configuration of the ES-PIC. I have one ES PIC on this M20</FONT></P>
<P><FONT face=Verdana color=#000000 size=2>Please help!</FONT> </P>
<P><FONT face=Verdana color=#000000 size=2>Thanks in advance</FONT>
<BR><FONT face=Verdana color=#000000 size=2>Bosco</FONT>
</P></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>