Junos
Reply
Contributor
i_noc
Posts: 20
Registered: ‎07-08-2009
0

IPSec Phase 1 on Juniper m7i Router

  We have an m7i router with an adaptive services module terminating IPSec VPNs.  The VPNs are assocaited with sp interfaces, we have one sp interface that is bouncing fairly regularly.  I believe the sp interface goes down when there is no active phase 1 tunnel, but I'm not certain of that.

 

  I don't see anything obviously wrong in the /var/kmd, or /var/messages log files.  What would be the best trouelshooting methodoligy to determine exactly what is going on?

Distinguished Expert
Raheel
Posts: 414
Registered: ‎06-18-2008
0

Re: IPSec Phase 1 on Juniper m7i Router

please share your config and log files /var/kmd and /var/messages.

 

--Raheel 

Follow me on Twitter @anwar_raheel

--
If this post was helpful, please mark this post as an "Accepted Solution".
Kudos are always appreciated!
Contributor
i_noc
Posts: 20
Registered: ‎07-08-2009
0

Re: IPSec Phase 1 on Juniper m7i Router

We run many VPNs so the kmd and messages logs are pretty extensive.  I am attaching a text file with some KMD logs filtered to the end point IP of the VPN, at the begining of the file are messages from the messages file showing the sp interface going down, so you can correspond that with the kmd messages.  I'll also see about providing some config.  Not that the phase 1 and 2 timers are set to 300 seconds.
Contributor
i_noc
Posts: 20
Registered: ‎07-08-2009
0

Re: IPSec Phase 1 on Juniper m7i Router

The configuration is extensive, I cannot post it all, please indicate what part of the configuration specifically you'd like to see.
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.