[j-nsp] Juniper SRX MNHA with JSC

Aaron Gould aaron1 at gvtc.com
Mon Aug 11 14:02:15 EDT 2025 

Looking at a portion of the JSC client logs...

...
8/11/2025 12:45:29 PM - IpsDial: connection time interface 
choice,LocIpa=172.31.10.16,AdapterIndex=202,OsIndex=14
8/11/2025 12:45:29 PM - Ike: Opening connection in PATHFINDER mode : 
my-jsc-vpn-pro
8/11/2025 12:45:29 PM - Ike: Outgoing connect request AGGRESSIVE mode - 
gateway=123.123.123.225 : my-jsc-vpn-pro
8/11/2025 12:45:29 PM - Ike: ConRef=26, XMIT_MSG1_AGGRESSIVE, 
name=my-jsc-vpn-pro, vpngw=123.123.123.225:500
8/11/2025 12:45:29 PM - 
ike_phase1:send_id:ID_USER_FQDN:pid=0,port=0,lab at jsc.gvtc.com
8/11/2025 12:45:29 PM - Ike: ConRef=26, Send NAT-D vendor ID,remprt=500

Here’s where I see a difference… working here…

8/11/2025 12:45:29 PM - Ike: ConRef=26, RECV_MSG2_AGGRESSIVE, 
adapterindex=202,name=my-jsc-vpn-pro, remote 
ip:port=123.123.123.225:500,local ip:port=172.31.10.16:10952
8/11/2025 12:45:29 PM - Ike: IKE phase I: Setting LifeTime to 28800 seconds
8/11/2025 12:45:29 PM - Ike: Turning on XAUTH mode - my-jsc-vpn-pro
8/11/2025 12:45:29 PM - Ike: IkeSa1 negotiated with the following 
properties -
8/11/2025 12:45:29 PM - 
  Authentication=XAUTH_INIT_PSK,Encryption=AES,Hash=SHA_256,DHGroup=19,KeyLen=256
8/11/2025 12:45:29 PM - Ike: my-jsc-vpn-pro ->Support for NAT-T version - 9
8/11/2025 12:45:29 PM - Ike: Turning on NATD mode - my-jsc-vpn-pro - 1
...

================================================================================

...
8/11/2025 12:24:14 PM - IpsDial: connection time interface 
choice,LocIpa=172.31.10.16,AdapterIndex=202,OsIndex=14
8/11/2025 12:24:14 PM - Ike: Opening connection in PATHFINDER mode : 
my-jsc-vpn-pro
8/11/2025 12:24:14 PM - Ike: Outgoing connect request AGGRESSIVE mode - 
gateway=123.123.123.225 : my-jsc-vpn-pro
8/11/2025 12:24:14 PM - Ike: ConRef=24, XMIT_MSG1_AGGRESSIVE, 
name=my-jsc-vpn-pro, vpngw=123.123.123.225:500
8/11/2025 12:24:14 PM - 
ike_phase1:send_id:ID_USER_FQDN:pid=0,port=0,lab at jsc.gvtc.com
8/11/2025 12:24:14 PM - Ike: ConRef=24, Send NAT-D vendor ID,remprt=500

Here’s where I see a difference… not working here…

8/11/2025 12:24:14 PM - Ike: ConRef=24, NOTIFY : my-jsc-vpn-pro : 
RECEIVED : NO_PROPOSAL_CHOSEN : 14
8/11/2025 12:24:17 PM - Ike: ConRef=24, retry timeout, resend 
to=123.123.123.225
8/11/2025 12:24:17 PM - Isakmp: re-sending packet 
to=123.123.123.225:500,size=520
8/11/2025 12:24:21 PM - Ike: Switching to TCP ENCAPSULATION in 
PATHFINDER_1 : my-jsc-vpn-pro
...

-Aaron

More information about the juniper-nsp mailing list