[j-nsp] Ipsec tunnel flapping

sameer mughal pcs.sameer1 at gmail.com
Tue Jul 3 02:29:48 EDT 2018


Can anyone check the issue I raised below?

On Thu, Jun 28, 2018 at 3:54 PM, sameer mughal <pcs.sameer1 at gmail.com>
wrote:

> Remote site logs are also shared below:
>
> Jun 28 17:23:20   rpd[1398]: EVENT <UpDown> st0.0 index 79 <Broadcast
> PointToPoint Multicast>
> Jun 28 17:23:20   kmd[1403]: KMD_VPN_DOWN_ALARM_USER: VPN VPN-SOORTY from
> 123.123.123.123 is down. Local-ip: 50.50.50.50, gateway name: gw-soortybd,
> vpn name: VPN-SOORTY, tunnel-id: 131073, local tunnel-if: st0.0, remote
> tunnel-ip: 10.115.10.2, Local IKE-ID: 50.50.50.50, Remote IKE-ID:
> 123.123.123.123, XAUTH username: Not-Applicable, VR id: 0
> Jun 28 17:23:20   rpd[1398]: EVENT UpDown st0.0 index 79 <Broadcast
> PointToPoint Multicast Localup>
> Jun 28 17:23:20   rpd[1398]: EVENT UpDown st0.0 index 79 10.115.10.1 ->
> 10.115.10.1 <Broadcast PointToPoint Multicast Localup>
> Jun 28 17:23:20    IFP trace> ifp_ifl_anydown_change_event: IFL anydown
> change event: "st0.0"
> Jun 28 17:23:20    IFP trace> ifp_ifl_chg: IFL chg: "st0.0 ifl_id 79"
> Jun 28 17:23:20    IFP trace> ifp_create_tunnel_session: duplicate tunnel
> session add(st0). skip tunnel session creation
> Jun 28 17:23:20   mib2d[1426]: SNMP_TRAP_LINK_DOWN: ifIndex 584,
> ifAdminStatus up(1), ifOperStatus down(2), ifName st0.0
> Jun 28 17:23:35   rpd[1398]: EVENT <UpDown> st0.0 index 79 <Up Broadcast
> PointToPoint Multicast>
> Jun 28 17:23:35   kmd[1403]: KMD_PM_SA_ESTABLISHED: Local gateway:
> 50.50.50.50, Remote gateway: 123.123.123.123, Local ID:
> ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=
> 0.0.0.0/0), Direction: inbound, SPI: 0x9e4d39d0, AUX-SPI: 0, Mode:
> Tunnel, Type: dynamic
> Jun 28 17:23:35   rpd[1398]: EVENT UpDown st0.0 index 79 <Up Broadcast
> PointToPoint Multicast>
> Jun 28 17:23:35   kmd[1403]: KMD_PM_SA_ESTABLISHED: Local gateway:
> 50.50.50.50, Remote gateway: 123.123.123.123, Local ID:
> ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=
> 0.0.0.0/0), Direction: outbound, SPI: 0xabfd4940, AUX-SPI: 0, Mode:
> Tunnel, Type: dynamic
> Jun 28 17:23:35   rpd[1398]: EVENT UpDown st0.0 index 79 10.115.10.1 ->
> 10.115.10.1 <Up Broadcast PointToPoint Multicast>
> Jun 28 17:23:35   kmd[1403]: KMD_VPN_UP_ALARM_USER: VPN VPN-SOORTY from
> 123.123.123.123 is up. Local-ip: 50.50.50.50, gateway name: gw-soortybd,
> vpn name: VPN-SOORTY, tunnel-id: 131073, local tunnel-if: st0.0, remote
> tunnel-ip: 10.115.10.2, Local IKE-ID: 50.50.50.50, Remote IKE-ID:
> 123.123.123.123, XAUTH username: Not-Applicable, VR id: 0
> Jun 28 17:23:35    IFP trace> ifp_ifl_anydown_change_event: IFL anydown
> change event: "st0.0"
> Jun 28 17:23:35    IFP trace> ifp_ifl_chg: IFL chg: "st0.0 ifl_id 79"
> Jun 28 17:23:35    IFP trace> ifp_create_tunnel_session: duplicate tunnel
> session add(st0). skip tunnel session creation
> Jun 28 17:23:35   mib2d[1426]: SNMP_TRAP_LINK_UP: ifIndex 584,
> ifAdminStatus up(1), ifOperStatus up(1), ifName st0.0
>
>
> On Thu, Jun 28, 2018 at 3:24 PM, sameer mughal <pcs.sameer1 at gmail.com>
> wrote:
>
>> Gentlemen,
>>
>> Can anyone help me with this issue?
>>
>> On Mon, Jun 25, 2018 at 10:37 PM, sameer mughal <pcs.sameer1 at gmail.com>
>> wrote:
>>
>>> Dear Alexandre,
>>> Please guide me on how I can fix this issue. It arose suddenly; before this,
>>> on the same configuration, the IPsec tunnel was working fine for more than
>>> 5 to 6 months.
>>>
>>> On Mon, Jun 25, 2018, 8:22 PM Alexandre Guimaraes <
>>> alexandre.guimaraes at ascenty.com> wrote:
>>>
>>>> Sameer
>>>>
>>>>
>>>> Reason: IPSec SA delete payload received from peer, corresponding IPSec
>>>> SAs cleared
>>>>
>>>>
>>>> This is a phase 2 problem, maybe a dead peer detection failure, a VPN
>>>> monitoring failure, or a failure during rekey when the old SA is deleted,
>>>> notification sent to delete the old SA. Most of the cases.
>>>>
>>>>
>>>>
>>>> Regards,
>>>> Alexandre
>>>>
>>>> On Jun 25, 2018, at 03:42, sameer mughal <pcs.sameer1 at gmail.com>
>>>> wrote:
>>>>
>>>> Both sites are on SRX.
>>>> Following are the logs.
>>>>
>>>>  show log junilog|match st0.15
>>>> Jun 25 01:47:51   rpd[1867]: EVENT <UpDown> st0.15 index 86 <Broadcast
>>>> PointToPoint Multicast>
>>>> Jun 25 01:47:51   rpd[1867]: EVENT UpDown st0.15 index 86 <Broadcast
>>>> PointToPoint Multicast Localup>
>>>> Jun 25 01:47:51   rpd[1867]: EVENT UpDown st0.15 index 86 10.115.10.2
>>>> -> 10.115.10.2 <Broadcast PointToPoint Multicast Localup>
>>>> Jun 25 01:47:51   kmd[1902]: KMD_VPN_DOWN_ALARM_USER: VPN IPSEC-15-VPN
>>>> from 103.229.87.66 is down. Local-ip: 124.29.233.138, gateway name:
>>>> IKE-U15-GW, vpn name: IPSEC-15-VPN, tunnel-id: 131075, local tunnel-if:
>>>> st0.15, remote tunnel-ip: 10.115.10.1, Local IKE-ID: 124.29.233.138, Remote
>>>> IKE-ID: 103.229.87.66, XAUTH username: Not-Applicable, VR id: 0,
>>>> Traffic-selector: , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=
>>>> 0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0
>>>> .0/0), SA Type: Static, Reason: IPSec SA delete payload received from
>>>> peer, corresponding IPSec SAs cleared
>>>> Jun 25 01:47:51   mib2d[1865]: SNMP_TRAP_LINK_DOWN: ifIndex 588,
>>>> ifAdminStatus up(1), ifOperStatus down(2), ifName st0.15
>>>> Jun 25 01:48:06   kmd[1902]: KMD_VPN_UP_ALARM_USER: VPN IPSEC-15-VPN
>>>> from 103.229.87.66 is up. Local-ip: 124.29.233.138, gateway name:
>>>> IKE-U15-GW, vpn name: IPSEC-15-VPN, tunnel-id: 131075, local tunnel-if:
>>>> st0.15, remote tunnel-ip: 10.115.10.1, Local IKE-ID: 124.29.233.138, Remote
>>>> IKE-ID: 103.229.87.66, XAUTH username: Not-Applicable, VR id: 0,
>>>> Traffic-selector: , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=
>>>> 0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0
>>>> .0/0), SA Type: Static
>>>> Jun 25 01:48:06   rpd[1867]: EVENT <UpDown> st0.15 index 86 <Up
>>>> Broadcast PointToPoint Multicast>
>>>> Jun 25 01:48:06   rpd[1867]: EVENT UpDown st0.15 index 86 <Up Broadcast
>>>> PointToPoint Multicast>
>>>> Jun 25 01:48:06   rpd[1867]: EVENT UpDown st0.15 index 86 10.115.10.2
>>>> -> 10.115.10.2 <Up Broadcast PointToPoint Multicast>
>>>> Jun 25 01:48:06   mib2d[1865]: SNMP_TRAP_LINK_UP: ifIndex 588,
>>>> ifAdminStatus up(1), ifOperStatus up(1), ifName st0.15
>>>> Jun 25 01:51:52   kmd[1902]: KMD_VPN_DOWN_ALARM_USER: VPN IPSEC-15-VPN
>>>> from 103.229.87.66 is down. Local-ip: 124.29.233.138, gateway name:
>>>> IKE-U15-GW, vpn name: IPSEC-15-VPN, tunnel-id: 131075, local tunnel-if:
>>>> st0.15, remote tunnel-ip: 10.115.10.1, Local IKE-ID: 124.29.233.138, Remote
>>>> IKE-ID: 103.229.87.66, XAUTH username: Not-Applicable, VR id: 0,
>>>> Traffic-selector: , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=
>>>> 0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0
>>>> .0/0), SA Type: Static, Reason: IPSec SA delete payload received from
>>>> peer, corresponding IPSec SAs cleared
>>>> Jun 25 01:51:52   rpd[1867]: EVENT <UpDown> st0.15 index 86 <Broadcast
>>>> PointToPoint Multicast>
>>>> Jun 25 01:51:52   rpd[1867]: EVENT UpDown st0.15 index 86 <Broadcast
>>>> PointToPoint Multicast Localup>
>>>> Jun 25 01:51:52   rpd[1867]: EVENT UpDown st0.15 index 86 10.115.10.2
>>>> -> 10.115.10.2 <Broadcast PointToPoint Multicast Localup>
>>>> Jun 25 01:51:52   mib2d[1865]: SNMP_TRAP_LINK_DOWN: ifIndex 588,
>>>> ifAdminStatus up(1), ifOperStatus down(2), ifName st0.15
>>>> Jun 25 01:52:07   rpd[1867]: EVENT <UpDown> st0.15 index 86 <Up
>>>> Broadcast PointToPoint Multicast>
>>>> Jun 25 01:52:07   rpd[1867]: EVENT UpDown st0.15 index 86 <Up Broadcast
>>>> PointToPoint Multicast>
>>>> Jun 25 01:52:07   kmd[1902]: KMD_VPN_UP_ALARM_USER: VPN IPSEC-15-VPN
>>>> from 103.229.87.66 is up. Local-ip: 124.29.233.138, gateway name:
>>>> IKE-U15-GW, vpn name: IPSEC-15-VPN, tunnel-id: 131075, local tunnel-if:
>>>> st0.15, remote tunnel-ip: 10.115.10.1, Local IKE-ID: 124.29.233.138, Remote
>>>> IKE-ID: 103.229.87.66, XAUTH username: Not-Applicable, VR id: 0,
>>>> Traffic-selector: , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=
>>>> 0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0
>>>> .0/0), SA Type: Static
>>>> Jun 25 01:52:07   rpd[1867]: EVENT UpDown st0.15 index 86 10.115.10.2
>>>> -> 10.115.10.2 <Up Broadcast PointToPoint Multicast>
>>>> Jun 25 01:52:07   mib2d[1865]: SNMP_TRAP_LINK_UP: ifIndex 588,
>>>> ifAdminStatus up(1), ifOperStatus up(1), ifName st0.15
>>>>
>>>> {primary:node0}
>>>>
>>>> On Mon, Jun 25, 2018 at 3:03 AM, Alexandre Guimaraes <
>>>> alexandre.guimaraes at ascenty.com> wrote:
>>>>
>>>>> Have you checked the errors? Do a deep inspection and check the
>>>>> packets to see what behavior triggers the down state. Tcpdump
>>>>> will give you hints.
>>>>>
>>>>> Do both sides use SRX?
>>>>>
>>>>> Regards,
>>>>> Alexandre
>>>>>
>>>>> On Jun 24, 2018, at 07:59, sameer mughal <pcs.sameer1 at gmail.com>
>>>>> wrote:
>>>>>
>>>>> > Hi All,
>>>>> > I am facing an IPsec tunnel flapping issue on srx550. Both sides' ISP
>>>>> > links are up and stable but the tunnel is still flapping.
>>>>> > Is anyone facing a similar problem, or is there any solution to fix this issue?
>>>>> > _______________________________________________
>>>>> > juniper-nsp mailing list juniper-nsp at puck.nether.net
>>>>> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>>>
>>>>
>>>>
>>
>
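
Added example, not part of the original thread: a Python script that pairs the KMD_VPN_DOWN_ALARM_USER and KMD_VPN_UP_ALARM_USER lines quoted above and reports, per VPN, the logged tear-down reason, the outage length and the spacing between flaps. The sample log is constructed from the thread's lines (unwrapped, shortened, documentation addresses); the name flap_report and the year default are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample, modelled on the kmd/mib2d/rpd lines quoted in the thread:
# unwrapped, fields shortened, addresses replaced with documentation ranges.
SAMPLE_LOG = """\
Jun 25 01:47:51   kmd[1902]: KMD_VPN_DOWN_ALARM_USER: VPN IPSEC-15-VPN from 192.0.2.66 is down. Local-ip: 198.51.100.138, tunnel-id: 131075, local tunnel-if: st0.15, SA Type: Static, Reason: IPSec SA delete payload received from peer, corresponding IPSec SAs cleared
Jun 25 01:47:51   mib2d[1865]: SNMP_TRAP_LINK_DOWN: ifIndex 588, ifAdminStatus up(1), ifOperStatus down(2), ifName st0.15
Jun 25 01:48:06   kmd[1902]: KMD_VPN_UP_ALARM_USER: VPN IPSEC-15-VPN from 192.0.2.66 is up. Local-ip: 198.51.100.138, tunnel-id: 131075, local tunnel-if: st0.15, SA Type: Static
Jun 25 01:51:52   kmd[1902]: KMD_VPN_DOWN_ALARM_USER: VPN IPSEC-15-VPN from 192.0.2.66 is down. Local-ip: 198.51.100.138, tunnel-id: 131075, local tunnel-if: st0.15, SA Type: Static, Reason: IPSec SA delete payload received from peer, corresponding IPSec SAs cleared
Jun 25 01:51:52   rpd[1867]: EVENT <UpDown> st0.15 index 86 <Broadcast PointToPoint Multicast>
Jun 25 01:52:07   kmd[1902]: KMD_VPN_UP_ALARM_USER: VPN IPSEC-15-VPN from 192.0.2.66 is up. Local-ip: 198.51.100.138, tunnel-id: 131075, local tunnel-if: st0.15, SA Type: Static
"""

# Only the kmd alarm lines carry the VPN name and (on DOWN) the reason.
EVENT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+kmd\[\d+\]:\s+"
    r"KMD_VPN_(?P<state>DOWN|UP)_ALARM_USER: VPN (?P<vpn>\S+) from (?P<peer>\S+) is"
)

def flap_report(log_text, year=2018):
    """Pair each DOWN alarm with the next UP alarm for the same VPN.

    Syslog timestamps carry no year, so one is supplied (assumption)."""
    flaps = defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue  # rpd, mib2d and IFP trace lines are skipped
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events = flaps[m["vpn"]]
        if m["state"] == "DOWN":
            prev = events[-1]["down"] if events else None
            events.append({
                "down": when,
                "peer": m["peer"],
                "reason": line.partition("Reason: ")[2].strip() or "not logged",
                "outage_s": None,  # filled in by the matching UP alarm
                "since_prev_down_s": (when - prev).total_seconds() if prev else None,
            })
        elif events and events[-1]["outage_s"] is None:
            events[-1]["outage_s"] = (when - events[-1]["down"]).total_seconds()
    return {vpn: ev for vpn, ev in flaps.items() if ev}

if __name__ == "__main__":
    for vpn, events in flap_report(SAMPLE_LOG).items():
        for e in events:
            print(vpn, e["down"].time(), e["outage_s"], e["since_prev_down_s"], e["reason"])
```

Regular spacing between DOWN alarms is worth comparing against the configured timers for the causes named in the thread (DPD, VPN monitoring, rekey).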

