<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>IPSec config problem</TITLE>
<META content="MSHTML 5.50.4912.300" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=842414014-11082003><FONT face=Arial color=#0000ff
size=2>Bosco,</FONT></SPAN></DIV>
<DIV><SPAN class=842414014-11082003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842414014-11082003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842414014-11082003><FONT face=Arial color=#0000ff size=2>You
certainly do need "domestic" in order to have Jcrypto which is needed for
IPSec. Export version does not have jcrypto. Regardless of what is
on the /var/tmp/ directory can you issue the command "show version brief" on
both RE and see if you have the jcrypto package installed? </FONT></SPAN></DIV>
<DIV> </DIV><FONT face=Arial size=2></FONT><BR>
<P><FONT face=Arial size=4>Thanks,</FONT> </P>
<P><FONT face=Arial size=4>Mario Puras</FONT> <BR><B><FONT face=Arial
color=#ff0000 size=4>S</FONT><FONT face=Arial size=4>olu</FONT><FONT face=Arial
color=#ff0000 size=4>N</FONT></B><FONT face=Arial size=4>et Technical
Support</FONT><FONT face=Arial><BR></FONT><FONT face="Times New Roman"
size=4>Mailto: mpuras@solunet.com<U></U></FONT><U><BR></U><FONT face=Arial
size=2>Direct: (321) 309-1410 </FONT> <BR><FONT face=Arial
size=2>888.449.5766 (USA) / 888.SOLUNET (Canada) </FONT></P>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Bosco Sachanandani
[mailto:Bosco.Sachanandani@orange.co.in]<BR><B>Sent:</B> Sunday, August 10,
2003 11:52 PM<BR><B>To:</B> juniper-nsp@puck.nether.net<BR><B>Subject:</B>
[j-nsp] IPSec config problem<BR><B>Importance:</B> High<BR><BR></FONT></DIV><!-- Converted from text/rtf format -->
<P><FONT face=Verdana color=#000000 size=2>Hi Team</FONT> </P>
<P><FONT face=Verdana color=#000000 size=2>Dunno if I am facing a strange
problem or whether I have missed out on a step. I need to be sure of this
before I raise a TAC with Juniper local support (who I may add are pretty
lousy!)</FONT></P>
<P><FONT face=Verdana color=#000000 size=2>Can anyone tell me what is the code
base that you loaded on the Juniper for IPSec support (Jcrypto)?</FONT> </P>
<P><FONT face=Verdana color=#000000 size=2>You see I can see the crypto code
base only on one routing engine and not on the other. The software bundle on
routing engine 0 and 1 under /var/tmp is
jbundle-5.5R3.1-export-signed.tgz</FONT></P>
<P><FONT face=Verdana color=#000000 size=2>When I issue the command
</FONT></P>
<P><FONT face=Verdana color=#000000 size=2>superuser@lab-re1> request
system software validate /var/tmp/jbundle-5.5R3.1-export-signed.tgz</FONT>
</P>
<P><FONT face=Verdana color=#000000 size=2>it DOES NOT validate the
configuration against the jcrypto code base on routing engine 1 but it does on
routing engine 0. The file size of the jbundle loaded on both routing-engines
is identical. Hence I cannot seem to figure out where the problem
is.</FONT></P>
<P><FONT face=Verdana color=#000000 size=2>As a result, re0 has the IPSec
configuration (currently the master) but re1 does not. When I do a commit sync
from the routing engine where I can see the IPSec config under the security
hierarchy, it does not return any errors.</FONT></P>
<P><FONT face=Verdana color=#000000 size=2>Couple of additional things:</FONT>
</P>
<P><FONT face=Verdana color=#000000 size=2>1) I was basically trying to set
the craft interface display when this problem started and a routing engine
fail over occurred. This is really strange since I expect a M20 to be more
stable!</FONT></P>
<P><FONT face=Verdana color=#000000 size=2>2) Due to this I had to restart the
routing engine with the above given code base.</FONT> </P>
<P><FONT face=Verdana color=#000000 size=2>3) On the routing engine where I
cannot see any entries under the EDIT SECURITY tab, I can see the
configuration of the ES-PIC. I have one ES PIC on this M20</FONT></P>
<P><FONT face=Verdana color=#000000 size=2>Please help!</FONT> </P>
<P><FONT face=Verdana color=#000000 size=2>Thanks in advance</FONT> <BR><FONT
face=Verdana color=#000000 size=2>Bosco</FONT> </P></BLOCKQUOTE></BODY></HTML>