SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Change VPN Remote Gateway IP

    Posted 08-09-2011 14:45

    I have a few site-to-site route-based VPNs, and I am trying to change the remote gateway of one.

     

    When I do the following

     

    delete security ike gateway GWNAME address x.x.x.x

     

    and set the new one + commit.

     

    Then I clear the IKE and IPsec and the tunnel comes back up with the old gateway again?

     

    This may be weird, should I unbind the tunnel first or any help please?



  • 2.  RE: Change VPN Remote Gateway IP

    Posted 08-09-2011 15:05

    Hi ,

     

    This issue is seen when the gateway IP is not cleared from the Packet Forwarding Engine. It is seen that when you change the config and the negotiations start with the old gateway configuration, this clearly points to the IP not being changed in the PFE.

    The resolution is to deactivate the respective configuration under security ike and security ipsec for that particular IP and commit the change. Activate the configuration and commit again. This will rebuild the configuration and push it again to the PFE with the new IP. If this did not resolve the issue, delete the gateway configuration, commit, and push the same config again.

     

    Regards,

    Visitor

     

    ------------------------------------------------------------------------------

    If this post was helpful, please mark this post as an "Accepted Solution". Kudos are always appreciated!



  • 3.  RE: Change VPN Remote Gateway IP

    Posted 08-09-2011 15:11

    Hi, thanks for the prompt response.

     

    When you mean deactivate the config in IKE and IPsec, can you be specific with the commands to do this? Just so I'm sure.



  • 4.  RE: Change VPN Remote Gateway IP
    Best Answer

    Posted 08-09-2011 15:30

    Hi,

     

    PFB the commands

     

    # deactivate security ike gateway <gatewayname>

    # deactivate security ipsec vpn <vpn name>

    # commit

    If it is policy based, deactivate the policy referring to that VPN.

     

    # activate security ike gateway <gatewayname>

    # activate security ipsec vpn <vpn name>

    # commit

    Activate the respective policy.


    Regards,

    Visitor

    ----------------------------------------------------------------------------------------------------------

    If this post was helpful, please mark this post as an "Accepted Solution". Kudos are always appreciated!
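
    Added example, not part of the original thread and not Juniper code: a small check to run over saved `show security ike security-associations` output after the second commit, to confirm the SA is no longer built to the old gateway address. The column layout of the sample output, the documentation-range addresses and the function names are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample output, modelled on `show security ike security-associations`.
# The column layout is an assumption; addresses are documentation ranges.
SAMPLE_STALE = """\
Index   State  Initiator cookie  Responder cookie  Mode  Remote Address
5137401 UP     a1b2c3d4e5f60718  0f1e2d3c4b5a6978  Main  192.0.2.10
5137402 UP     1122334455667788  8877665544332211  Main  203.0.113.7
"""
# Same table after the deactivate/commit/activate/commit cycle (constructed).
SAMPLE_FIXED = SAMPLE_STALE.replace("192.0.2.10", "198.51.100.20")


def parse_ike_sas(output):
    """Return [(state, remote_ip)] for each SA row; skip header and blank lines."""
    sas = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 3 or not fields[0].isdigit():
            continue  # header, separator or empty line
        try:
            remote = ipaddress.ip_address(fields[-1])
        except ValueError:
            continue  # last column is not an address, so not an SA row
        sas.append((fields[1].upper(), remote))
    return sas


def check_gateway_change(output, old_ip, new_ip):
    """Classify the post-commit IKE state for one changed gateway."""
    old, new = ipaddress.ip_address(old_ip), ipaddress.ip_address(new_ip)
    sas = parse_ike_sas(output)
    if any(remote == old for _, remote in sas):
        return "STALE"  # an SA to the old peer still exists
    if any(remote == new and state == "UP" for state, remote in sas):
        return "OK"     # SA established with the new peer only
    return "DOWN"       # old peer gone, new peer not established yet


if __name__ == "__main__":
    for label, out in (("before", SAMPLE_STALE), ("after", SAMPLE_FIXED)):
        print(label, check_gateway_change(out, "192.0.2.10", "198.51.100.20"))
```

    A "STALE" result after the commit is the symptom described in the first post; "DOWN" means the old SA is gone but the new peer has not negotiated yet.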



  • 5.  RE: Change VPN Remote Gateway IP

    Posted 08-10-2011 01:14

    Hi there,

     

    Thanks very much for this, just what I was looking for!



  • 6.  RE: Change VPN Remote Gateway IP

    Posted 08-10-2011 11:14

    Hi MMcD @i-conX,

     

    You are most welcome.

     

    Regards,

    Visitor