[j-nsp] IPSec config problem

MPuras at solunet.com MPuras at solunet.com
Mon Aug 11 11:46:29 EDT 2003


Bosco,
 
 
You certainly do need "domestic" in order to have Jcrypto which is needed
for IPSec.  Export version does not have jcrypto.  Regardless of what is on
the /var/tmp/ directory can you issue the command "show version brief" on
both RE and see if you have the jcrypto package installed? 
 



Thanks, 

Mario Puras 
SoluNet Technical Support
Mailto: mpuras at solunet.com
Direct: (321) 309-1410  
888.449.5766 (USA) / 888.SOLUNET (Canada) 

-----Original Message-----
From: Bosco Sachanandani [mailto:Bosco.Sachanandani at orange.co.in]
Sent: Sunday, August 10, 2003 11:52 PM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] IPSec config problem
Importance: High



Hi Team 

Dunno if I am facing a strange problem or whether I have missed out on a
step. I need to be sure of this before I raise a TAC with Juniper local
support (who I may add are pretty lousy!)

Can anyone tell me what is the code base that you loaded on the Juniper for
IPSec support (Jcrypto)? 

You see I can see the crypto code base only on one routing engine and not on
the other. The software bundle on routing engine 0 and 1 under /var/tmp is
jbundle-5.5R3.1-export-signed.tgz

When I issue the command 

superuser at lab-re1> request system software validate
/var/tmp/jbundle-5.5R3.1-export-signed.tgz 

it DOES NOT validate the configuration against the jcrypto code base on
routing engine 1 but it does on routing engine 0. The file size of the
jbundle loaded on both routing-engines is identical. Hence I cannot seem to
figure out where the problem is.

As a result, re0 has the IPSec configuration (currently the master) but re1
does not. When I do a commit sync from the routing engine where I can see
the IPSec config under the security hierarchy, it does not return any
errors.

Couple of additional things: 

1) I was basically trying to set the craft interface display when this
problem started and a routing engine fail over occurred. This is really
strange since I expect a M20 to be more stable!

2) Due to this I had to restart the routing engine with the above given code
base. 

3) On the routing engine where I cannot see any entries under the EDIT
SECURITY tab, I can see the configuration of the ES-PIC. I have one ES PIC
on this M20

Please help! 

Thanks in advance 
Bosco 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://puck.nether.net/pipermail/juniper-nsp/attachments/20030811/8c52efe4/attachment.htm


More information about the juniper-nsp mailing list