[j-nsp] 答复: SRX650 full-mesh vpn, ssh not passed
Muhammad Atif Jauhar
atif.jauhar at gmail.com
Mon Aug 5 09:36:15 EDT 2013
Hi,
Is it possible to share configuration of Node 1, Node 2 and Node 3. and
also output of Show route of Network behind Node 1 and Node 2 and Node 3 at
all Nodes (1, 2, and 3).
Regards,
Atif.
On Mon, Aug 5, 2013 at 10:58 AM, 徐见 <xujianlx at gmail.com> wrote:
> Actually, when I disable the first link of node 1, all nodes could pass
> every kind of traffic well, except node 2.
> And I build an same lab system, the issue not happen.
>
> -----邮件原件-----
> 发件人: Ojamo, V. [mailto:lists.ville at ojamo.eu]
> 发送时间: 2013年8月5日 15:02
> 收件人: '徐见'; juniper-nsp at puck.nether.net
> 主题: RE: [j-nsp] SRX650 full-mesh vpn, ssh not passed
>
> The pictures cannot be viewed without Weibo account?
>
>
> -V
>
>
> > -----Original Message-----
> > From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net]
> > On Behalf Of ??
> > Sent: Monday, August 05, 2013 1:18 PM
> > To: juniper-nsp at puck.nether.net
> > Subject: [j-nsp] SRX650 full-mesh vpn, ssh not passed
> >
> > Hi all:
> >
> > As the theme said, I have a route-based vpn,
> full-mesh
> > topology,
> > and run ospf protocol.
> >
> > Physical link topology is here:
> >
> > http://photo.weibo.com/2110817105/photos/detail/photo_id/3607
> > 937263216169#36
> > 07937263216169
> >
> > logical link topology is here:
> >
> >
> > http://photo.weibo.com/2110817105/photos/detail/photo_id/3607
> > 931668041778#36
> > 07926685185940
> >
> > the issue just between node 1 and node 2.
> >
> > As you can see, there are four links on node 1, and one link
> on node
> > 2, and
> > 2 vpn tunnel have been built between both,(st0.0, st0.1)
> >
> > And the two tunnel works as primary(st0.0) and backup(st0.1).
> >
> > The problem is, when primary down, ssh traffic from NET A to
> NET
> > B, can’t
> > passed, but from NET B to NET A is ok,
> >
> > Show route “NET B”, show route “NET A” commands show both
> of
> > them have
> > learned route from right tunnel (st0.1), ping command in
> bidirection
> > is ok
> > too.
> >
> > Anyone could give any idea?
> >
> >
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list