[j-nsp] Help needed with IPSEC VPN on J-Series

Bill Sandiford bill at telnetcommunications.com
Wed Mar 20 11:34:58 EDT 2013


Here is some output... IP addresses sanitized with x.x.x.x of course

> show security ipsec security-associations
  Total active tunnels: 1
  ID    Gateway          Port  Algorithm       SPI      Life:sec/kb  Mon vsys
  <131073 x.x.x.x        500   ESP:3des/md5    28c1a297 2675/  838856 -  root
  >131073 x.x.x.x        500   ESP:3des/md5    7765d008 2675/  838856 -  root


> show interfaces st0
Physical interface: st0, Enabled, Physical link is Up
  Interface index: 129, SNMP ifIndex: 152
  Type: Secure-Tunnel, Link-level type: Secure-Tunnel, MTU: 9192
  Device flags   : Present Running
  Interface flags: Point-To-Point
  Input rate     : 0 bps (0 pps)
  Output rate    : 0 bps (0 pps)

  Logical interface st0.0 (Index 69) (SNMP ifIndex 597)
    Flags: Point-To-Point SNMP-Traps Encapsulation: Secure-Tunnel
    Input packets : 0
    Output packets: 0
    Security: Zone: trust
    Allowed host-inbound traffic : any-service bfd bgp dvmrp igmp ldp msdp nhrp ospf
    pgm pim rip router-discovery rsvp sap vrrp
    Protocol inet, MTU: 9192
      Flags: Sendbcast-pkt-to-re

On 2013-03-20 11:28 AM, "Bjørn Tore" <bt at paulen.net> wrote:

>Are the st-interfaces UP? What does show security ipsec
>security-associations say? (Am offline; spellcheck needed...)
>
>Bjørn Tore @ mobil
>
>On 20 March 2013 at 15:46, Bill Sandiford
><bill at telnetcommunications.com> wrote:
>
>> Hi All,
>> 
>> I need some help with an IPSEC tunnel that I just can't seem to get
>>working on a J-6350.  I have been able to get the tunnels to come up,
>>but can't seem to pass traffic over the tunnels
>> 
>> I've done the usual things.  I've created an st0.0 interface and bound
>>it to the tunnel using the bind-interface command.  I've created a
>>static route and pointed it at the st0.0 interface.  I just can't seem
>>to get traffic to pass over the tunnel.
>> 
>> Any help or suggestions would be appreciated.  I'm also willing to put
>>a $$$ bounty on this for anyone that is willing to help me get it
>>working via teamviewer.
>> 
>> Regards,
>> Bill
>> 
>> 
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp



