[j-nsp] IPSec config problem
Bosco Sachanandani
Bosco.Sachanandani at orange.co.in
Mon Aug 11 21:20:06 EDT 2003
Hi Mario
Thanks for the feedback.
This is the problem I am facing. As you said when I do a show version brief, it DOES NOT show me Jcrypto on the "faulty" routing engine but shows me Jcrypto on the live routing engine.
I am validating the current software config on BOTH the routing engines against the SAME code base under the /var/tmp directory as mentioned below. It validates correctly on one, but does not validate on the other.
Any inputs would be much appreciated.
// Bosco
-----Original Message-----
From: MPuras at solunet.com [mailto:MPuras at solunet.com]
Sent: Monday, August 11, 2003 8:16 PM
To: Bosco Sachanandani; juniper-nsp at puck.nether.net
Subject: RE: [j-nsp] IPSec config problem
Bosco,
You certainly do need "domestic" in order to have Jcrypto which is needed for IPSec. Export version does not have jcrypto. Regardless of what is on the /var/tmp/ directory can you issue the command "show version brief" on both RE and see if you have the jcrypto package installed?
Thanks,
Mario Puras
SoluNet Technical Support
Mailto: mpuras at solunet.com
Direct: (321) 309-1410
888.449.5766 (USA) / 888.SOLUNET (Canada)
-----Original Message-----
From: Bosco Sachanandani [mailto:Bosco.Sachanandani at orange.co.in]
Sent: Sunday, August 10, 2003 11:52 PM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] IPSec config problem
Importance: High
Hi Team
Dunno if I am facing a strange problem or whether I have missed out on a step. I need to be sure of this before I raise a TAC with Juniper local support (who I may add are pretty lousy!)
Can anyone tell me what is the code base that you loaded on the Juniper for IPSec support (Jcrypto)?
You see I can see the crypto code base only on one routing engine and not on the other. The software bundle on routing engine 0 and 1 under /var/tmp is jbundle-5.5R3.1-export-signed.tgz
When I issue the command
superuser at lab-re1> request system software validate /var/tmp/jbundle-5.5R3.1-export-signed.tgz
it DOES NOT validate the configuration against the jcrypto code base on routing engine 1 but it does on routing engine 0. The file size of the jbundle loaded on both routing-engines is identical. Hence I cannot seem to figure out where the problem is.
As a result, re0 has the IPSec configuration (currently the master) but re1 does not. When I do a commit sync from the routing engine where I can see the IPSec config under the security hierarchy, it does not return any errors.
Couple of additional things:
1) I was basically trying to set the craft interface display when this problem started and a routing engine fail over occurred. This is really strange since I expect a M20 to be more stable!
2) Due to this I had to restart the routing engine with the above given code base.
3) On the routing engine where I cannot see any entries under the EDIT SECURITY tab, I can see the configuration of the ES-PIC. I have one ES PIC on this M20
Please help!
Thanks in advance
Bosco
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://puck.nether.net/pipermail/juniper-nsp/attachments/20030811/441aa8c1/attachment.htm
More information about the juniper-nsp
mailing list