[j-nsp] JunOS 12.1X46-D40 IPSec VPN Monitor Issue/Bug
Michael Dale
mdale at dalegroup.net
Sun Oct 11 18:08:03 EDT 2015
Hi All,
I've just spent a few hours over the weekend playing with 12.1X46-D40 and I believe I may have found a bug in the VPN Monitoring feature.
From what I can see 12.1X46-D40 is pulling down VPNs with VPN Monitor enabled even when the links between the sites are fine.
I have tested
1) SRX100 12.1X46-D40 <-> SRX240 12.1X44-D35
2) SRX220 12.1X46-D40 <-> 3x SRX110 12.1X44-D30
Now I haven't tested X46 <-> X46 VPNs so it may just be a compatibility issue between the two but X46-D35 did not have this issue.
So to fix on 1) I disabled VPN Monitoring and on 2) I downgraded the SRX220 to 12.1X46-D35. All the VPN links are stable again.
This command:
show security ipsec security-associations detail
Was showing that the reason for "Tunnel Down" was VPN Monitoring.
Sometimes the VPN would stay up for a couple of hours other times it was dropping every 5-10 minutes, so it was a bit hard to troubleshoot at first!
Anyway I just thought I'd let you all know :)
Michael.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20151012/4fc1cf55/attachment.sig>
More information about the juniper-nsp
mailing list