[j-nsp] Help needed with IPSEC VPN on J-Series
Werner le Grange
wernerlegrange at gmail.com
Wed Mar 20 12:09:44 EDT 2013
Check the MTU of the physical interface. Some GigE interface modules on the
J-Series routers only support 9014 bytes, but Junos allows you to set it to 9192.
Try dropping the MTU value to 9000 bytes.
On Wednesday, March 20, 2013, Bill Sandiford wrote:
> Here is some output…IP addresses sanitized with x.x.x.x of course
>
> > show security ipsec security-associations
> Total active tunnels: 1
> ID Gateway Port Algorithm SPI Life:sec/kb Mon vsys
> <131073 x.x.x.x 500 ESP:3des/md5 28c1a297 2675/ 838856 - root
> >131073 x.x.x.x 500 ESP:3des/md5 7765d008 2675/ 838856 - root
>
>
> > show interfaces st0
> Physical interface: st0, Enabled, Physical link is Up
> Interface index: 129, SNMP ifIndex: 152
> Type: Secure-Tunnel, Link-level type: Secure-Tunnel, MTU: 9192
> Device flags : Present Running
> Interface flags: Point-To-Point
> Input rate : 0 bps (0 pps)
> Output rate : 0 bps (0 pps)
>
> Logical interface st0.0 (Index 69) (SNMP ifIndex 597)
> Flags: Point-To-Point SNMP-Traps Encapsulation: Secure-Tunnel
> Input packets : 0
> Output packets: 0
> Security: Zone: trust
> Allowed host-inbound traffic : any-service bfd bgp dvmrp igmp ldp msdp nhrp ospf pgm pim rip router-discovery rsvp sap vrrp
> Protocol inet, MTU: 9192
> Flags: Sendbcast-pkt-to-re
>
> On 2013-03-20 11:28 AM, "Bjørn Tore" <bt at paulen.net> wrote:
>
> >Are the st-interfaces UP? What does show security ipsec
> >security-associations say? (Am offline; spellcheck needed...)
> >
> >Bjørn Tore @ mobile
> >
> >On 20 March 2013 at 15:46, Bill Sandiford
> ><bill at telnetcommunications.com> wrote:
> >
> >> Hi All,
> >>
> >> I need some help with an IPSEC tunnel that I just can't seem to get
> >>working on a J-6350. I have been able to get the tunnels to come up,
> >>but can't seem to pass traffic over the tunnels.
> >>
> >> I've done the usual things. I've created an st0.0 interface and bound
> >>it to the tunnel using the bind-interface command. I've created a
> >>static route and pointed it at the st0.0 interface. I just can't seem
> >>to get traffic to pass over the tunnel.
> >>
> >> Any help or suggestions would be appreciated. I'm also willing to put
> >>a $$$ bounty on this for anyone that is willing to help me get it
> >>working via teamviewer.
> >>
> >> Regards,
> >> Bill
> >>
> >>
> >> _______________________________________________
> >> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp