[j-nsp] IPSec config problem
MPuras at solunet.com
MPuras at solunet.com
Mon Aug 11 11:46:29 EDT 2003
Bosco,
You certainly do need "domestic" in order to have Jcrypto which is needed
for IPSec. Export version does not have jcrypto. Regardless of what is on
the /var/tmp/ directory can you issue the command "show version brief" on
both RE and see if you have the jcrypto package installed?
Thanks,
Mario Puras
SoluNet Technical Support
Mailto: mpuras at solunet.com
Direct: (321) 309-1410
888.449.5766 (USA) / 888.SOLUNET (Canada)
-----Original Message-----
From: Bosco Sachanandani [mailto:Bosco.Sachanandani at orange.co.in]
Sent: Sunday, August 10, 2003 11:52 PM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] IPSec config problem
Importance: High
Hi Team
Dunno if I am facing a strange problem or whether I have missed out on a
step. I need to be sure of this before I raise a TAC with Juniper local
support (who I may add are pretty lousy!)
Can anyone tell me what is the code base that you loaded on the Juniper for
IPSec support (Jcrypto)?
You see I can see the crypto code base only on one routing engine and not on
the other. The software bundle on routing engine 0 and 1 under /var/tmp is
jbundle-5.5R3.1-export-signed.tgz
When I issue the command
superuser at lab-re1> request system software validate
/var/tmp/jbundle-5.5R3.1-export-signed.tgz
it DOES NOT validate the configuration against the jcrypto code base on
routing engine 1 but it does on routing engine 0. The file size of the
jbundle loaded on both routing-engines is identical. Hence I cannot seem to
figure out where the problem is.
As a result, re0 has the IPSec configuration (currently the master) but re1
does not. When I do a commit sync from the routing engine where I can see
the IPSec config under the security hierarchy, it does not return any
errors.
Couple of additional things:
1) I was basically trying to set the craft interface display when this
problem started and a routing engine fail over occurred. This is really
strange since I expect a M20 to be more stable!
2) Due to this I had to restart the routing engine with the above given code
base.
3) On the routing engine where I cannot see any entries under the EDIT
SECURITY tab, I can see the configuration of the ES-PIC. I have one ES PIC
on this M20
Please help!
Thanks in advance
Bosco
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://puck.nether.net/pipermail/juniper-nsp/attachments/20030811/8c52efe4/attachment.htm
More information about the juniper-nsp
mailing list