[j-nsp] SRX650 full-mesh vpn, ssh not passed

徐见 xujianlx at gmail.com
Mon Aug 5 02:17:32 EDT 2013


Hi all:

As the subject says, I have a route-based VPN in a full-mesh topology,
running the OSPF protocol.

Physical link topology is here:

http://photo.weibo.com/2110817105/photos/detail/photo_id/3607937263216169#3607937263216169

Logical link topology is here:

http://photo.weibo.com/2110817105/photos/detail/photo_id/3607931668041778#3607926685185940

The issue is just between node 1 and node 2.

As you can see, there are four links on node 1 and one link on node 2, and
two VPN tunnels have been built between them (st0.0, st0.1).

The two tunnels work as primary (st0.0) and backup (st0.1).

The problem is, when the primary is down, SSH traffic from NET A to NET B can’t
pass, but from NET B to NET A it is OK.

The show route “NET B” and show route “NET A” commands show that both of them have
learned the route from the right tunnel (st0.1), and ping in both directions is OK
too.

Could anyone give me any ideas?

 


