Dear Koyle, I have already configure static route towards destination. On Mon, Jun 25, 2018, 6:50 PM Eldon Koyle <[email protected]> wrote:
> Do you have a default route over that tunnel? If so, once the tunnel > comes up it will try to route the ipsec connection through the tunnel, > which will break the tunnel. Try adding a static route to the remote > tunnel endpoint via your internet connection. > > -- > Eldon > > > On Mon, Jun 25, 2018, 00:43 sameer mughal <[email protected]> wrote: > >> both sites on srx. >> following are the logs. >> >> show log junilog|match st0.15 >> Jun 25 01:47:51 rpd[1867]: EVENT <UpDown> st0.15 index 86 <Broadcast >> PointToPoint Multicast> >> Jun 25 01:47:51 rpd[1867]: EVENT UpDown st0.15 index 86 <Broadcast >> PointToPoint Multicast Localup> >> Jun 25 01:47:51 rpd[1867]: EVENT UpDown st0.15 index 86 10.115.10.2 -> >> 10.115.10.2 <Broadcast PointToPoint Multicast Localup> >> Jun 25 01:47:51 kmd[1902]: KMD_VPN_DOWN_ALARM_USER: VPN IPSEC-15-VPN >> from >> 103.229.87.66 is down. Local-ip: 124.29.233.138, gateway name: IKE-U15-GW, >> vpn name: IPSEC-15-VPN, tunnel-id: 131075, local tunnel-if: st0.15, remote >> tunnel-ip: 10.115.10.1, Local IKE-ID: 124.29.233.138, Remote IKE-ID: >> 103.229.87.66, XAUTH username: Not-Applicable, VR id: 0, Traffic-selector: >> , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), >> Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), SA Type: >> Static, Reason: IPSec SA delete payload received from peer, corresponding >> IPSec SAs cleared >> Jun 25 01:47:51 mib2d[1865]: SNMP_TRAP_LINK_DOWN: ifIndex 588, >> ifAdminStatus up(1), ifOperStatus down(2), ifName st0.15 >> Jun 25 01:48:06 kmd[1902]: KMD_VPN_UP_ALARM_USER: VPN IPSEC-15-VPN from >> 103.229.87.66 is up. Local-ip: 124.29.233.138, gateway name: IKE-U15-GW, >> vpn name: IPSEC-15-VPN, tunnel-id: 131075, local tunnel-if: st0.15, remote >> tunnel-ip: 10.115.10.1, Local IKE-ID: 124.29.233.138, Remote IKE-ID: >> 103.229.87.66, XAUTH username: Not-Applicable, VR id: 0, Traffic-selector: >> , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), >> Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), SA Type: >> Static >> Jun 25 01:48:06 rpd[1867]: EVENT <UpDown> st0.15 index 86 <Up Broadcast >> PointToPoint Multicast> >> Jun 25 01:48:06 rpd[1867]: EVENT UpDown st0.15 index 86 <Up Broadcast >> PointToPoint Multicast> >> Jun 25 01:48:06 rpd[1867]: EVENT UpDown st0.15 index 86 10.115.10.2 -> >> 10.115.10.2 <Up Broadcast PointToPoint Multicast> >> Jun 25 01:48:06 mib2d[1865]: SNMP_TRAP_LINK_UP: ifIndex 588, >> ifAdminStatus up(1), ifOperStatus up(1), ifName st0.15 >> Jun 25 01:51:52 kmd[1902]: KMD_VPN_DOWN_ALARM_USER: VPN IPSEC-15-VPN >> from >> 103.229.87.66 is down. Local-ip: 124.29.233.138, gateway name: IKE-U15-GW, >> vpn name: IPSEC-15-VPN, tunnel-id: 131075, local tunnel-if: st0.15, remote >> tunnel-ip: 10.115.10.1, Local IKE-ID: 124.29.233.138, Remote IKE-ID: >> 103.229.87.66, XAUTH username: Not-Applicable, VR id: 0, Traffic-selector: >> , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), >> Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), SA Type: >> Static, Reason: IPSec SA delete payload received from peer, corresponding >> IPSec SAs cleared >> Jun 25 01:51:52 rpd[1867]: EVENT <UpDown> st0.15 index 86 <Broadcast >> PointToPoint Multicast> >> Jun 25 01:51:52 rpd[1867]: EVENT UpDown st0.15 index 86 <Broadcast >> PointToPoint Multicast Localup> >> Jun 25 01:51:52 rpd[1867]: EVENT UpDown st0.15 index 86 10.115.10.2 -> >> 10.115.10.2 <Broadcast PointToPoint Multicast Localup> >> Jun 25 01:51:52 mib2d[1865]: SNMP_TRAP_LINK_DOWN: ifIndex 588, >> ifAdminStatus up(1), ifOperStatus down(2), ifName st0.15 >> Jun 25 01:52:07 rpd[1867]: EVENT <UpDown> st0.15 index 86 <Up Broadcast >> PointToPoint Multicast> >> Jun 25 01:52:07 rpd[1867]: EVENT UpDown st0.15 index 86 <Up Broadcast >> PointToPoint Multicast> >> Jun 25 01:52:07 kmd[1902]: KMD_VPN_UP_ALARM_USER: VPN IPSEC-15-VPN from >> 103.229.87.66 is up. Local-ip: 124.29.233.138, gateway name: IKE-U15-GW, >> vpn name: IPSEC-15-VPN, tunnel-id: 131075, local tunnel-if: st0.15, remote >> tunnel-ip: 10.115.10.1, Local IKE-ID: 124.29.233.138, Remote IKE-ID: >> 103.229.87.66, XAUTH username: Not-Applicable, VR id: 0, Traffic-selector: >> , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), >> Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), SA Type: >> Static >> Jun 25 01:52:07 rpd[1867]: EVENT UpDown st0.15 index 86 10.115.10.2 -> >> 10.115.10.2 <Up Broadcast PointToPoint Multicast> >> Jun 25 01:52:07 mib2d[1865]: SNMP_TRAP_LINK_UP: ifIndex 588, >> ifAdminStatus up(1), ifOperStatus up(1), ifName st0.15 >> >> {primary:node0} >> >> On Mon, Jun 25, 2018 at 3:03 AM, Alexandre Guimaraes < >> [email protected]> wrote: >> >> > Have you checked the errors? Do a deep Inspection and check the packets >> to >> > see what’s the behavior that’s trigger the down state. Tcpdump Will give >> > you hints. >> > >> > Both sides uses SRX? >> > >> > att >> > Alexandre >> > >> > Em 24 de jun de 2018, à(s) 07:59, sameer mughal <[email protected]> >> > escreveu: >> > >> > > Hi All, >> > > I am facing ipsec tunnel flapping issue on srx550. Both sides isp >> links >> > are >> > > up and stable but still tunnel is flapping. >> > > Can anyone facing similar problem or any solution to fix this issue? >> > > _______________________________________________ >> > > juniper-nsp mailing list [email protected] >> > > https://puck.nether.net/mailman/listinfo/juniper-nsp >> > >> _______________________________________________ >> juniper-nsp mailing list [email protected] >> https://puck.nether.net/mailman/listinfo/juniper-nsp >> > _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
