[j-nsp] Ipsec tunnel flapping
sameer mughal
pcs.sameer1 at gmail.com
Mon Jun 25 02:42:28 EDT 2018
Both sites are on SRX.
Following are the logs.
show log junilog|match st0.15
Jun 25 01:47:51 rpd[1867]: EVENT <UpDown> st0.15 index 86 <Broadcast
PointToPoint Multicast>
Jun 25 01:47:51 rpd[1867]: EVENT UpDown st0.15 index 86 <Broadcast
PointToPoint Multicast Localup>
Jun 25 01:47:51 rpd[1867]: EVENT UpDown st0.15 index 86 10.115.10.2 ->
10.115.10.2 <Broadcast PointToPoint Multicast Localup>
Jun 25 01:47:51 kmd[1902]: KMD_VPN_DOWN_ALARM_USER: VPN IPSEC-15-VPN from
103.229.87.66 is down. Local-ip: 124.29.233.138, gateway name: IKE-U15-GW,
vpn name: IPSEC-15-VPN, tunnel-id: 131075, local tunnel-if: st0.15, remote
tunnel-ip: 10.115.10.1, Local IKE-ID: 124.29.233.138, Remote IKE-ID:
103.229.87.66, XAUTH username: Not-Applicable, VR id: 0, Traffic-selector:
, Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),
Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), SA Type:
Static, Reason: IPSec SA delete payload received from peer, corresponding
IPSec SAs cleared
Jun 25 01:47:51 mib2d[1865]: SNMP_TRAP_LINK_DOWN: ifIndex 588,
ifAdminStatus up(1), ifOperStatus down(2), ifName st0.15
Jun 25 01:48:06 kmd[1902]: KMD_VPN_UP_ALARM_USER: VPN IPSEC-15-VPN from
103.229.87.66 is up. Local-ip: 124.29.233.138, gateway name: IKE-U15-GW,
vpn name: IPSEC-15-VPN, tunnel-id: 131075, local tunnel-if: st0.15, remote
tunnel-ip: 10.115.10.1, Local IKE-ID: 124.29.233.138, Remote IKE-ID:
103.229.87.66, XAUTH username: Not-Applicable, VR id: 0, Traffic-selector:
, Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),
Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), SA Type:
Static
Jun 25 01:48:06 rpd[1867]: EVENT <UpDown> st0.15 index 86 <Up Broadcast
PointToPoint Multicast>
Jun 25 01:48:06 rpd[1867]: EVENT UpDown st0.15 index 86 <Up Broadcast
PointToPoint Multicast>
Jun 25 01:48:06 rpd[1867]: EVENT UpDown st0.15 index 86 10.115.10.2 ->
10.115.10.2 <Up Broadcast PointToPoint Multicast>
Jun 25 01:48:06 mib2d[1865]: SNMP_TRAP_LINK_UP: ifIndex 588,
ifAdminStatus up(1), ifOperStatus up(1), ifName st0.15
Jun 25 01:51:52 kmd[1902]: KMD_VPN_DOWN_ALARM_USER: VPN IPSEC-15-VPN from
103.229.87.66 is down. Local-ip: 124.29.233.138, gateway name: IKE-U15-GW,
vpn name: IPSEC-15-VPN, tunnel-id: 131075, local tunnel-if: st0.15, remote
tunnel-ip: 10.115.10.1, Local IKE-ID: 124.29.233.138, Remote IKE-ID:
103.229.87.66, XAUTH username: Not-Applicable, VR id: 0, Traffic-selector:
, Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),
Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), SA Type:
Static, Reason: IPSec SA delete payload received from peer, corresponding
IPSec SAs cleared
Jun 25 01:51:52 rpd[1867]: EVENT <UpDown> st0.15 index 86 <Broadcast
PointToPoint Multicast>
Jun 25 01:51:52 rpd[1867]: EVENT UpDown st0.15 index 86 <Broadcast
PointToPoint Multicast Localup>
Jun 25 01:51:52 rpd[1867]: EVENT UpDown st0.15 index 86 10.115.10.2 ->
10.115.10.2 <Broadcast PointToPoint Multicast Localup>
Jun 25 01:51:52 mib2d[1865]: SNMP_TRAP_LINK_DOWN: ifIndex 588,
ifAdminStatus up(1), ifOperStatus down(2), ifName st0.15
Jun 25 01:52:07 rpd[1867]: EVENT <UpDown> st0.15 index 86 <Up Broadcast
PointToPoint Multicast>
Jun 25 01:52:07 rpd[1867]: EVENT UpDown st0.15 index 86 <Up Broadcast
PointToPoint Multicast>
Jun 25 01:52:07 kmd[1902]: KMD_VPN_UP_ALARM_USER: VPN IPSEC-15-VPN from
103.229.87.66 is up. Local-ip: 124.29.233.138, gateway name: IKE-U15-GW,
vpn name: IPSEC-15-VPN, tunnel-id: 131075, local tunnel-if: st0.15, remote
tunnel-ip: 10.115.10.1, Local IKE-ID: 124.29.233.138, Remote IKE-ID:
103.229.87.66, XAUTH username: Not-Applicable, VR id: 0, Traffic-selector:
, Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),
Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), SA Type:
Static
Jun 25 01:52:07 rpd[1867]: EVENT UpDown st0.15 index 86 10.115.10.2 ->
10.115.10.2 <Up Broadcast PointToPoint Multicast>
Jun 25 01:52:07 mib2d[1865]: SNMP_TRAP_LINK_UP: ifIndex 588,
ifAdminStatus up(1), ifOperStatus up(1), ifName st0.15
{primary:node0}
On Mon, Jun 25, 2018 at 3:03 AM, Alexandre Guimaraes <
alexandre.guimaraes at ascenty.com> wrote:
> Have you checked the errors? Do a deep inspection and check the packets to
> see what behavior triggers the down state. Tcpdump will give
> you hints.
>
> Do both sides use SRX?
>
> Regards,
> Alexandre
>
> On 24 Jun 2018, at 07:59, sameer mughal <pcs.sameer1 at gmail.com>
> wrote:
>
> > Hi All,
> > I am facing an IPsec tunnel flapping issue on an SRX550. The ISP links on both sides
> > are up and stable, but the tunnel is still flapping.
> > Is anyone facing a similar problem, or does anyone have a solution to fix this issue?
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>
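An added example, not part of the original post and not Juniper code: a Python sketch that pairs the kmd `KMD_VPN_DOWN_ALARM_USER` / `KMD_VPN_UP_ALARM_USER` lines from the log above and reports, per flap, the outage length, the interval since the previous drop and the logged reason. The function name `flaps` and the `year` parameter are assumptions (syslog timestamps carry no year).

```python
import re
from datetime import datetime

# Four kmd lines abridged from the log in the post and rejoined onto one line
# each (the mail wrapped them); the middle fields are cut for brevity.
SAMPLE = """\
Jun 25 01:47:51 kmd[1902]: KMD_VPN_DOWN_ALARM_USER: VPN IPSEC-15-VPN from 103.229.87.66 is down. local tunnel-if: st0.15, SA Type: Static, Reason: IPSec SA delete payload received from peer, corresponding IPSec SAs cleared
Jun 25 01:48:06 kmd[1902]: KMD_VPN_UP_ALARM_USER: VPN IPSEC-15-VPN from 103.229.87.66 is up. local tunnel-if: st0.15, SA Type: Static
Jun 25 01:51:52 kmd[1902]: KMD_VPN_DOWN_ALARM_USER: VPN IPSEC-15-VPN from 103.229.87.66 is down. local tunnel-if: st0.15, SA Type: Static, Reason: IPSec SA delete payload received from peer, corresponding IPSec SAs cleared
Jun 25 01:52:07 kmd[1902]: KMD_VPN_UP_ALARM_USER: VPN IPSEC-15-VPN from 103.229.87.66 is up. local tunnel-if: st0.15, SA Type: Static
"""

# Syslog timestamp, kmd tag, alarm direction, VPN name and peer address.
EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) kmd\[\d+\]: "
    r"KMD_VPN_(?P<state>DOWN|UP)_ALARM_USER: VPN (?P<vpn>\S+) from (?P<peer>\S+) is "
)

def flaps(text, year=2018):
    """Pair each DOWN with the next UP for the same VPN and time the outage."""
    open_down, last_down, out = {}, {}, []
    for line in text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue  # rpd/mib2d lines and anything else are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        vpn = m["vpn"]
        if m["state"] == "DOWN":
            gap = (ts - last_down[vpn]).total_seconds() if vpn in last_down else None
            last_down[vpn] = ts
            open_down[vpn] = {"vpn": vpn, "peer": m["peer"], "down_at": ts,
                              "since_prev_down_s": gap,
                              "reason": line.partition("Reason: ")[2] or None}
        elif vpn in open_down:
            ev = open_down.pop(vpn)
            ev["outage_s"] = (ts - ev["down_at"]).total_seconds()
            out.append(ev)
    # A tunnel still down at the end of the log is reported with no outage length.
    out.extend(dict(ev, outage_s=None) for ev in open_down.values())
    return out

if __name__ == "__main__":
    for f in flaps(SAMPLE):
        print(f["vpn"], f["down_at"].time(), f["outage_s"], f["since_prev_down_s"], f["reason"])
```

A regular interval between drops combined with a peer-sent delete reason indicates that the remote side is tearing the SA down on a timer, which narrows where to look.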