[j-nsp] RE: kmd errors when using 'commit check' - IPSEC policy

[Bosco Sachanandani]

Another thing I noticed when create an INPUT filter (allowed IP prefixes from the remote end to my end via the IPSec tunnel) for the tunnel interface, is that it takes only ONE IP prefix. Whereas I can have a firewall filter which allows multiple OUTGOING prefixes on that interface.

Can someone explain why this "limitation" ? For the time being I have removed the INPUT filter and it works fine.


 Configuration error
  KMD_PARSE_ERROR: More than one source address is not allowed in the input filter defined under the ES interface
error: configuration check-out failed


thanks

-----Original Message-----
From: Bosco Sachanandani 
Sent: Thursday, October 07, 2004 3:10 PM
To: 'juniper-nsp at puck.nether.net'
Subject: kmd errors when using 'commit check' 



hello folks,

Anyone know what this error means ? I got this when configuring an IPSEC tunnel on an ES-PIC.

boscos at srmum1-re0# commit check 
../../../../src/juniper/usr.sbin/kmd/kmd_config.c:3131: insist 'FALSE' failed
error: Check-out pass for /usr/sbin/kmd (/usr/sbin/kmd) dumped core (0x86)
error: configuration check-out failed

I simply rolled back the config (rollback 0) and re-created the config from scratch. No errors then, so I was wondering what when wrong earlier.

There was no service disruption of any kind.

I am using JUNOS 5.5R3.1

regards,
Bosco



“The information in this message is confidential and may be legally privileged. It is intended solely for the addressee.  Access to this message by anyone else is unauthorized.  If you are not the intended recipient, any disclosure, copying, or distribution of the message, or any action or omission taken by you in reliance on it, is prohibited and may be unlawful.  Please immediately contact the sender if you have received this message in error. Thank you. Hutchison Max Telecom Pvt. Ltd.”