[j-nsp] Juniper Policy based VPN

George gmburu at cellulant.com
Mon Feb 15 11:16:43 EST 2010


Hello Ali

I got no output in get ike cookie cmd for the remote peer, below is the
output of get sa (with IP replaced).

0000008c< 192.168.8.8   500 esp:a256/md5  00000000 expir unlim I/I   163 0
0000008c> 192.168.8.8   500 esp:a256/md5  00000000 expir unlim I/I   164 0

I was reading this 
http://forums.juniper.net/t5/Firewalls/Strange-behaviour-on-proxy-id-in-relation-to-policy-based-VPN-s/td-p/17227;jsessionid=D03859B6C630C41327CB0AE8063DC5E5

There is something about multiple IPs in the destination. What is
proxyID about specifically?

Regards
George


On Mon, 2010-02-15 at 14:03 +0000, Humair Ali wrote:

> Hi George
> 
> Well, first things first.
> 
> If it was working and all of a sudden it became intermittent, then what
> has changed in your network?
> 
> Has the remote end changed anything in terms of setup?
> 
> When you try to re-establish, you say it is not passing through the
> VPN. What do you see in your event logs?
> 
> If you do get ike cookie and get SA, what do you see?
> 
> 
> Only a route-based VPN is bound to a tunnel IF; a policy-based VPN is
> bound, well, to a policy with action "tunnel" (in the policy).
> 
> 
> On 15 February 2010 12:52, George <gmburu at cellulant.com> wrote:
> 
>         Hello
>         
>         We had a Juniper policy-based VPN which was initially working, all of
>         a sudden it became intermittent and we decided to redo it. Now after
>         redoing it, it refused to come up even as of now.
>         How do I sort it, and can a policy-based VPN be bound to a tunnel? For
>         the policy I'm using the Mapped IP to tunnel the traffic to the remote
>         host, but incidentally it is not passing through the VPN when I do a
>         trace.
>         
>         Regards
>         -    ----
>         George Mburu N.
>         Networks and Infrastructure
>         Cellulant Group
>         
>         Life, is mobile....
>         -    ----
> 
> 



