[j-nsp] 答复: 答复: SRX650 full-mesh vpn, ssh not passed

徐见 xujianlx at gmail.com
Mon Aug 5 22:27:34 EDT 2013 

Node 1’s configuration

 

发件人: Muhammad Atif Jauhar [mailto:atif.jauhar at gmail.com] 
发送时间: 2013年8月5日 21:36
收件人: 徐见
抄送: juniper-nsp at puck.nether.net
主题: Re: [j-nsp] 答复: SRX650 full-mesh vpn, ssh not passed

 

Hi,

Is it possible to share configuration of Node 1, Node 2 and Node 3. and also
output of Show route of Network behind Node 1 and Node 2 and Node 3 at all
Nodes (1, 2, and 3).

 

Regards,
Atif.

 

On Mon, Aug 5, 2013 at 10:58 AM, 徐见 <xujianlx at gmail.com> wrote:

Actually, when I disable the first link of node 1, all nodes could pass
every kind of traffic well, except node 2.
And I build an same lab system, the issue not happen.


-----邮件原件-----
发件人: Ojamo, V. [mailto:lists.ville at ojamo.eu]
发送时间: 2013年8月5日 15:02
收件人: '徐见'; juniper-nsp at puck.nether.net
主题: RE: [j-nsp] SRX650 full-mesh vpn, ssh not passed

The pictures cannot be viewed without Weibo account?


-V


> -----Original Message-----
> From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net]
> On Behalf Of ??
> Sent: Monday, August 05, 2013 1:18 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] SRX650 full-mesh vpn, ssh not passed
>

> Hi all:
>
>          As the theme said, I have a route-based vpn,
full-mesh
> topology,
> and run ospf protocol.
>
> Physical link topology is here:
>
> http://photo.weibo.com/2110817105/photos/detail/photo_id/3607
> 937263216169#36
> 07937263216169
>
> logical link topology is here:
>
>
> http://photo.weibo.com/2110817105/photos/detail/photo_id/3607
> 931668041778#36
> 07926685185940
>
> the issue just between node 1 and node 2.
>
> As you can see, there are four links on node 1, and one link
on node
> 2, and
> 2 vpn tunnel have been built between both,(st0.0, st0.1)
>
> And the two tunnel works as primary(st0.0) and backup(st0.1).
>
> The problem is, when primary down, ssh traffic from NET A to
NET
> B, can’t
> passed, but from NET B to NET A is ok,
>
> Show route “NET B”, show route “NET A” commands show both
of
> them have
> learned route from right tunnel (st0.1), ping command in
bidirection
> is ok
> too.
>
> Anyone could give any idea?
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp


_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list