[j-nsp] JunOS 12.1X46-D40 IPSec VPN Monitor Issue/Bug

Michael Dale mdale at dalegroup.net
Sun Oct 11 18:08:03 EDT 2015

Hi All,

I've just spent a few hours over the weekend playing with 12.1X46-D40 and I believe I may have found a bug in the VPN Monitoring feature.

From what I can see 12.1X46-D40 is pulling down VPNs with VPN Monitor enabled even when the links between the sites are fine.

I have tested

1) SRX100 12.1X46-D40 <-> SRX240 12.1X44-D35
2) SRX220 12.1X46-D40 <-> 3x SRX110 12.1X44-D30

Now I haven't tested X46 <-> X46 VPNs so it may just be a compatibility issue between the two but X46-D35 did not have this issue.

So to fix on 1) I disabled VPN Monitoring and on 2) I downgraded the SRX220 to 12.1X46-D35. All the VPN links are stable again.

This command:

 show security ipsec security-associations detail

Was showing that the reason for "Tunnel Down" was VPN Monitoring.

Sometimes the VPN would stay up for a couple of hours other times it was dropping every 5-10 minutes, so it was a bit hard to troubleshoot at first!

Anyway I just thought I'd let you all know :)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20151012/4fc1cf55/attachment.sig>

More information about the juniper-nsp mailing list