<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>IPSec config problem</TITLE>
<META content="MSHTML 6.00.2800.1170" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=151405514-11082003><FONT face=Verdana color=#000080 size=2>Hey
Team.</FONT></SPAN></DIV>
<DIV><SPAN class=151405514-11082003><FONT face=Verdana color=#000080
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=151405514-11082003><FONT face=Verdana color=#000080
size=2>Sorry to bother you guys.</FONT></SPAN></DIV>
<DIV><SPAN class=151405514-11082003><FONT face=Verdana color=#000080
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=151405514-11082003><FONT face=Verdana color=#000080
size=2>Turns out that the software was stored under some other path (by who, I
am gonna find out soon)! Mario's clue of "domestic" gave me that idea that I
over-looked earlier :(</FONT></SPAN></DIV>
<DIV><SPAN class=151405514-11082003><FONT face=Verdana color=#000080
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=151405514-11082003><FONT face=Verdana color=#000080
size=2>After installation, both routing engines have the same code
base.</FONT></SPAN></DIV>
<DIV><SPAN class=151405514-11082003><FONT face=Verdana color=#000080
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=151405514-11082003><FONT face=Verdana color=#000080
size=2>Cheers</FONT></SPAN></DIV>
<DIV><SPAN class=151405514-11082003><FONT face=Verdana color=#000080
size=2>Bosco</FONT></SPAN></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Bosco Sachanandani
<BR><B>Sent:</B> Monday, August 11, 2003 8:20 PM<BR><B>To:</B>
'MPuras@solunet.com'; juniper-nsp@puck.nether.net<BR><B>Subject:</B> RE:
[j-nsp] IPSec config problem<BR><BR></FONT></DIV>
<DIV><SPAN class=178134614-11082003><FONT face=Verdana color=#000080 size=2>Hi
Mario</FONT></SPAN></DIV>
<DIV><SPAN class=178134614-11082003><FONT face=Verdana color=#000080
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=178134614-11082003><FONT face=Verdana color=#000080
size=2>Thanks for the feedback.</FONT></SPAN></DIV>
<DIV><SPAN class=178134614-11082003><FONT face=Verdana color=#000080
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=178134614-11082003><FONT face=Verdana color=#000080
size=2>This is the problem I am facing. As you said when I do a show version
brief, it DOES NOT show me Jcrypto on the "faulty" routing engine but shows me
Jcrypto on the live routing engine.</FONT></SPAN></DIV>
<DIV><SPAN class=178134614-11082003><FONT face=Verdana color=#000080
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=178134614-11082003><FONT face=Verdana color=#000080 size=2>I
am validating the current software config on BOTH the routing engines against
the SAME code base under the /var/tmp directory as mentioned below. It
validates correctly on one, but does not validate on the
other.</FONT></SPAN></DIV>
<DIV><SPAN class=178134614-11082003><FONT face=Verdana color=#000080
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=178134614-11082003><FONT face=Verdana color=#000080
size=2>Any inputs would be much appreciated.</FONT></SPAN></DIV>
<DIV><SPAN class=178134614-11082003><FONT face=Verdana color=#000080
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=178134614-11082003><FONT face=Verdana color=#000080 size=2>//
Bosco</FONT></SPAN></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> MPuras@solunet.com
[mailto:MPuras@solunet.com]<BR><B>Sent:</B> Monday, August 11, 2003 8:16
PM<BR><B>To:</B> Bosco Sachanandani;
juniper-nsp@puck.nether.net<BR><B>Subject:</B> RE: [j-nsp] IPSec config
problem<BR><BR></FONT></DIV>
<DIV><SPAN class=842414014-11082003><FONT face=Arial color=#0000ff
size=2>Bosco,</FONT></SPAN></DIV>
<DIV><SPAN class=842414014-11082003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842414014-11082003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=842414014-11082003><FONT face=Arial color=#0000ff
size=2>You certainly do need "domestic" in order to have Jcrypto which
is needed for IPSec. Export version does not have jcrypto.
Regardless of what is on the /var/tmp/ directory can you issue the command
"show version brief" on both RE and see if you have the jcrypto package
installed? </FONT></SPAN></DIV>
<DIV> </DIV><FONT face=Arial size=2></FONT><BR>
<P><FONT face=Arial size=4>Thanks,</FONT> </P>
<P><FONT face=Arial size=4>Mario Puras</FONT> <BR><B><FONT face=Arial
color=#ff0000 size=4>S</FONT><FONT face=Arial size=4>olu</FONT><FONT
face=Arial color=#ff0000 size=4>N</FONT></B><FONT face=Arial size=4>et
Technical Support</FONT><FONT face=Arial><BR></FONT><FONT
face="Times New Roman" size=4>Mailto:
mpuras@solunet.com<U></U></FONT><U><BR></U><FONT face=Arial size=2>Direct:
(321) 309-1410 </FONT> <BR><FONT face=Arial size=2>888.449.5766 (USA) /
888.SOLUNET (Canada) </FONT></P>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Bosco Sachanandani
[mailto:Bosco.Sachanandani@orange.co.in]<BR><B>Sent:</B> Sunday, August
10, 2003 11:52 PM<BR><B>To:</B>
juniper-nsp@puck.nether.net<BR><B>Subject:</B> [j-nsp] IPSec config
problem<BR><B>Importance:</B> High<BR><BR></FONT></DIV><!-- Converted from text/rtf format -->
<P><FONT face=Verdana color=#000000 size=2>Hi Team</FONT> </P>
<P><FONT face=Verdana color=#000000 size=2>Dunno if I am facing a strange
problem or whether I have missed out on a step. I need to be sure of this
before I raise a TAC with Juniper local support (who I may add are pretty
lousy!)</FONT></P>
<P><FONT face=Verdana color=#000000 size=2>Can anyone tell me what is the
code base that you loaded on the Juniper for IPSec support
(Jcrypto)?</FONT> </P>
<P><FONT face=Verdana color=#000000 size=2>You see I can see the crypto
code base only on one routing engine and not on the other. The software
bundle on routing engine 0 and 1 under /var/tmp is
jbundle-5.5R3.1-export-signed.tgz</FONT></P>
<P><FONT face=Verdana color=#000000 size=2>When I issue the command
</FONT></P>
<P><FONT face=Verdana color=#000000 size=2>superuser@lab-re1> request
system software validate /var/tmp/jbundle-5.5R3.1-export-signed.tgz</FONT>
</P>
<P><FONT face=Verdana color=#000000 size=2>it DOES NOT validate the
configuration against the jcrypto code base on routing engine 1 but it
does on routing engine 0. The file size of the jbundle loaded on both
routing-engines is identical. Hence I cannot seem to figure out where the
problem is.</FONT></P>
<P><FONT face=Verdana color=#000000 size=2>As a result, re0 has the IPSec
configuration (currently the master) but re1 does not. When I do a commit
sync from the routing engine where I can see the IPSec config under the
security hierarchy, it does not return any errors.</FONT></P>
<P><FONT face=Verdana color=#000000 size=2>Couple of additional
things:</FONT> </P>
<P><FONT face=Verdana color=#000000 size=2>1) I was basically trying to
set the craft interface display when this problem started and a routing
engine fail over occurred. This is really strange since I expect a M20 to
be more stable!</FONT></P>
<P><FONT face=Verdana color=#000000 size=2>2) Due to this I had to restart
the routing engine with the above given code base.</FONT> </P>
<P><FONT face=Verdana color=#000000 size=2>3) On the routing engine where
I cannot see any entries under the EDIT SECURITY tab, I can see the
configuration of the ES-PIC. I have one ES PIC on this M20</FONT></P>
<P><FONT face=Verdana color=#000000 size=2>Please help!</FONT> </P>
<P><FONT face=Verdana color=#000000 size=2>Thanks in advance</FONT>
<BR><FONT face=Verdana color=#000000 size=2>Bosco</FONT>
</P></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>