Gentlemans, anyone help me on this issue?
On Mon, Jun 25, 2018 at 10:37 PM, sameer mughal <[email protected]> wrote: > Dear Alexandre, > Please guide how can I fix this issue? It raise suddenly before this on > same configuration ipsec tunnel was working fine for more than 5 to 6 > months. > > On Mon, Jun 25, 2018, 8:22 PM Alexandre Guimaraes < > [email protected]> wrote: > >> Sameer >> >> >> Reason: IPSec SA delete payload received from peer, corresponding IPSec >> SAs cleared >> >> >> This is a phase 2 problem, maybe deadpeerdetection failure, VPN >> monitoring failure, a failure during rekey when old SA is deleted >> notification sent to delete old SA. Most of the cases. >> >> >> >> att >> Alexandre >> >> Em 25 de jun de 2018, à(s) 03:42, sameer mughal <[email protected]> >> escreveu: >> >> both sites on srx. >> following are the logs. >> >> show log junilog|match st0.15 >> Jun 25 01:47:51 rpd[1867]: EVENT <UpDown> st0.15 index 86 <Broadcast >> PointToPoint Multicast> >> Jun 25 01:47:51 rpd[1867]: EVENT UpDown st0.15 index 86 <Broadcast >> PointToPoint Multicast Localup> >> Jun 25 01:47:51 rpd[1867]: EVENT UpDown st0.15 index 86 10.115.10.2 -> >> 10.115.10.2 <Broadcast PointToPoint Multicast Localup> >> Jun 25 01:47:51 kmd[1902]: KMD_VPN_DOWN_ALARM_USER: VPN IPSEC-15-VPN >> from 103.229.87.66 is down. Local-ip: 124.29.233.138, gateway name: >> IKE-U15-GW, vpn name: IPSEC-15-VPN, tunnel-id: 131075, local tunnel-if: >> st0.15, remote tunnel-ip: 10.115.10.1, Local IKE-ID: 124.29.233.138, Remote >> IKE-ID: 103.229.87.66, XAUTH username: Not-Applicable, VR id: 0, >> Traffic-selector: , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]= >> 0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0. >> 0.0/0), SA Type: Static, Reason: IPSec SA delete payload received from >> peer, corresponding IPSec SAs cleared >> Jun 25 01:47:51 mib2d[1865]: SNMP_TRAP_LINK_DOWN: ifIndex 588, >> ifAdminStatus up(1), ifOperStatus down(2), ifName st0.15 >> Jun 25 01:48:06 kmd[1902]: KMD_VPN_UP_ALARM_USER: VPN IPSEC-15-VPN from >> 103.229.87.66 is up. Local-ip: 124.29.233.138, gateway name: IKE-U15-GW, >> vpn name: IPSEC-15-VPN, tunnel-id: 131075, local tunnel-if: st0.15, remote >> tunnel-ip: 10.115.10.1, Local IKE-ID: 124.29.233.138, Remote IKE-ID: >> 103.229.87.66, XAUTH username: Not-Applicable, VR id: 0, Traffic-selector: >> , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), >> Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), SA >> Type: Static >> Jun 25 01:48:06 rpd[1867]: EVENT <UpDown> st0.15 index 86 <Up Broadcast >> PointToPoint Multicast> >> Jun 25 01:48:06 rpd[1867]: EVENT UpDown st0.15 index 86 <Up Broadcast >> PointToPoint Multicast> >> Jun 25 01:48:06 rpd[1867]: EVENT UpDown st0.15 index 86 10.115.10.2 -> >> 10.115.10.2 <Up Broadcast PointToPoint Multicast> >> Jun 25 01:48:06 mib2d[1865]: SNMP_TRAP_LINK_UP: ifIndex 588, >> ifAdminStatus up(1), ifOperStatus up(1), ifName st0.15 >> Jun 25 01:51:52 kmd[1902]: KMD_VPN_DOWN_ALARM_USER: VPN IPSEC-15-VPN >> from 103.229.87.66 is down. Local-ip: 124.29.233.138, gateway name: >> IKE-U15-GW, vpn name: IPSEC-15-VPN, tunnel-id: 131075, local tunnel-if: >> st0.15, remote tunnel-ip: 10.115.10.1, Local IKE-ID: 124.29.233.138, Remote >> IKE-ID: 103.229.87.66, XAUTH username: Not-Applicable, VR id: 0, >> Traffic-selector: , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]= >> 0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0. >> 0.0/0), SA Type: Static, Reason: IPSec SA delete payload received from >> peer, corresponding IPSec SAs cleared >> Jun 25 01:51:52 rpd[1867]: EVENT <UpDown> st0.15 index 86 <Broadcast >> PointToPoint Multicast> >> Jun 25 01:51:52 rpd[1867]: EVENT UpDown st0.15 index 86 <Broadcast >> PointToPoint Multicast Localup> >> Jun 25 01:51:52 rpd[1867]: EVENT UpDown st0.15 index 86 10.115.10.2 -> >> 10.115.10.2 <Broadcast PointToPoint Multicast Localup> >> Jun 25 01:51:52 mib2d[1865]: SNMP_TRAP_LINK_DOWN: ifIndex 588, >> ifAdminStatus up(1), ifOperStatus down(2), ifName st0.15 >> Jun 25 01:52:07 rpd[1867]: EVENT <UpDown> st0.15 index 86 <Up Broadcast >> PointToPoint Multicast> >> Jun 25 01:52:07 rpd[1867]: EVENT UpDown st0.15 index 86 <Up Broadcast >> PointToPoint Multicast> >> Jun 25 01:52:07 kmd[1902]: KMD_VPN_UP_ALARM_USER: VPN IPSEC-15-VPN from >> 103.229.87.66 is up. Local-ip: 124.29.233.138, gateway name: IKE-U15-GW, >> vpn name: IPSEC-15-VPN, tunnel-id: 131075, local tunnel-if: st0.15, remote >> tunnel-ip: 10.115.10.1, Local IKE-ID: 124.29.233.138, Remote IKE-ID: >> 103.229.87.66, XAUTH username: Not-Applicable, VR id: 0, Traffic-selector: >> , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), >> Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), SA >> Type: Static >> Jun 25 01:52:07 rpd[1867]: EVENT UpDown st0.15 index 86 10.115.10.2 -> >> 10.115.10.2 <Up Broadcast PointToPoint Multicast> >> Jun 25 01:52:07 mib2d[1865]: SNMP_TRAP_LINK_UP: ifIndex 588, >> ifAdminStatus up(1), ifOperStatus up(1), ifName st0.15 >> >> {primary:node0} >> >> On Mon, Jun 25, 2018 at 3:03 AM, Alexandre Guimaraes < >> [email protected]> wrote: >> >>> Have you checked the errors? Do a deep Inspection and check the packets >>> to see what’s the behavior that’s trigger the down state. Tcpdump Will give >>> you hints. >>> >>> Both sides uses SRX? >>> >>> att >>> Alexandre >>> >>> Em 24 de jun de 2018, à(s) 07:59, sameer mughal <[email protected]> >>> escreveu: >>> >>> > Hi All, >>> > I am facing ipsec tunnel flapping issue on srx550. Both sides isp >>> links are >>> > up and stable but still tunnel is flapping. >>> > Can anyone facing similar problem or any solution to fix this issue? >>> > _______________________________________________ >>> > juniper-nsp mailing list [email protected] >>> > https://puck.nether.net/mailman/listinfo/juniper-nsp >>> >> >> _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
