[j-nsp] IPSec config problem

Bosco Sachanandani Bosco.Sachanandani at orange.co.in
Mon Aug 11 21:33:11 EDT 2003 

Hey Team.
 
Sorry to bother you guys.
 
Turns out that the software was stored under some other path (by who, I am gonna find out soon)! Mario's clue of "domestic" gave me that idea that I over-looked earlier :(
 
After installation, both routing engines have the same code base.
 
Cheers
Bosco

-----Original Message-----
From: Bosco Sachanandani 
Sent: Monday, August 11, 2003 8:20 PM
To: 'MPuras at solunet.com'; juniper-nsp at puck.nether.net
Subject: RE: [j-nsp] IPSec config problem


Hi Mario
 
Thanks for the feedback.
 
This is the problem I am facing. As you said when I do a show version brief, it DOES NOT show me Jcrypto on the "faulty" routing engine but shows me Jcrypto on the live routing engine.
 
I am validating the current software config on BOTH the routing engines against the SAME code base under the /var/tmp directory as mentioned below. It validates correctly on one, but does not validate on the other.
 
Any inputs would be much appreciated.
 
// Bosco

-----Original Message-----
From: MPuras at solunet.com [mailto:MPuras at solunet.com]
Sent: Monday, August 11, 2003 8:16 PM
To: Bosco Sachanandani; juniper-nsp at puck.nether.net
Subject: RE: [j-nsp] IPSec config problem


Bosco,
 
 
You certainly do need "domestic" in order to have Jcrypto which is needed for IPSec.  Export version does not have jcrypto.  Regardless of what is on the /var/tmp/ directory can you issue the command "show version brief" on both RE and see if you have the jcrypto package installed? 
 



Thanks, 

Mario Puras 
SoluNet Technical Support
Mailto: mpuras at solunet.com
Direct: (321) 309-1410  
888.449.5766 (USA) / 888.SOLUNET (Canada) 

-----Original Message-----
From: Bosco Sachanandani [mailto:Bosco.Sachanandani at orange.co.in]
Sent: Sunday, August 10, 2003 11:52 PM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] IPSec config problem
Importance: High



Hi Team 

Dunno if I am facing a strange problem or whether I have missed out on a step. I need to be sure of this before I raise a TAC with Juniper local support (who I may add are pretty lousy!)

Can anyone tell me what is the code base that you loaded on the Juniper for IPSec support (Jcrypto)? 

You see I can see the crypto code base only on one routing engine and not on the other. The software bundle on routing engine 0 and 1 under /var/tmp is jbundle-5.5R3.1-export-signed.tgz

When I issue the command 

superuser at lab-re1> request system software validate /var/tmp/jbundle-5.5R3.1-export-signed.tgz 

it DOES NOT validate the configuration against the jcrypto code base on routing engine 1 but it does on routing engine 0. The file size of the jbundle loaded on both routing-engines is identical. Hence I cannot seem to figure out where the problem is.

As a result, re0 has the IPSec configuration (currently the master) but re1 does not. When I do a commit sync from the routing engine where I can see the IPSec config under the security hierarchy, it does not return any errors.

Couple of additional things: 

1) I was basically trying to set the craft interface display when this problem started and a routing engine fail over occurred. This is really strange since I expect a M20 to be more stable!

2) Due to this I had to restart the routing engine with the above given code base. 

3) On the routing engine where I cannot see any entries under the EDIT SECURITY tab, I can see the configuration of the ES-PIC. I have one ES PIC on this M20

Please help! 

Thanks in advance 
Bosco 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://puck.nether.net/pipermail/juniper-nsp/attachments/20030811/bd89f42b/attachment-0001.htm

More information about the juniper-nsp mailing list