[j-nsp] Netscreen dialup vpn questions
mailers at oranged.to
mailers at oranged.to
Tue Apr 27 02:28:47 EDT 2010
Hello,
I have recently swapped out a Cisco ASA with a Juniper SSG due to some problems with SIP on the ASA. The Juniper has been working really well with SIP but I have some problems with the VPN which I am trying to resolve. We have hundreds of dialup IPSEC VPN users who authenticate using RADIUS. The problem is that they keep on getting disconnected or having problems connecting. When I go and monitor the VPN's in the GUI I get the following...
Dialup_VPN 0000817b -1/-1 <IP> AutoIKE Active Down
Dialup_VPN 0000816d -1/-1 <IP> AutoIKE Active Down
Dialup_VPN 00008176 -1/-1 <IP> AutoIKE Active Down
Dialup_VPN 0000816b -1/-1 <IP> AutoIKE Active Down
Dialup_VPN 0000814b -1/-1 <IP> AutoIKE Active Down
Dialup_VPN 0000817a -1/-1 <IP> AutoIKE Active Down
Dialup_VPN 0000816a -1/-1 <IP> AutoIKE Active Down
Where we see the tunnels are active but the link is down.. The users then appear to be unable to reconnect. Is there a way to automatically flush the credentials/sa etc so that when they disconnect they are able to log back in again? Where can I go for trying to debug this stuff more easily? Any advice would be really appreciated.
Regards,
Jimmy.
More information about the juniper-nsp
mailing list