SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  IPSec VPN, works only after "restart ipsec-key-management"

    Posted 05-14-2012 21:48

    On my SRX100 box, yesterday I entered the "restart ipsec-key-management" command in operational mode and then it started to work. Today the same problem occurred, and again I entered this command and it started to work. Why is this happening on this SRX box? Any answer or suggestion is appreciated. Please refer to my attached image.

     

    > At first I tried to ping 10.10.1.1; it's not pinging.

    > Then I entered "restart ipsec-key-management", then it is pinging.

    > After that some auto-generated message comes, as in my attached image. What is this?

     

    Thank you



  • 2.  RE: IPSec VPN, works only after "restart ipsec-key-management"

    Posted 05-15-2012 01:42

    Hi,

     

    Can you post your config from both ends of the VPN?

     

    In a BSD multi-threaded environment, threads should release resources (memory and CPU) in a prescribed time, or else these oinker scheduler messages are generated. The severity I cannot be sure of, and only JTAC could help you with this.

     

    In my opinion and experience, though, they are usually trivial provided they are transient and not constantly occurring.



  • 3.  RE: IPSec VPN, works only after "restart ipsec-key-management"

    Posted 05-15-2012 03:32

    This is the config of my side. I am unable to get the config of the other side. I have read somewhere in this forum that this command "restart ipsec-key-management" should be entered on both sides. But I have only entered it on my side, so is this giving me the problem? Another thing is: we have 2 WAN links for the VPN connection. As per my knowledge, the primary ISP link has been down for a few days and we are currently using WAN2. On my side, in routing-options, next-hop is still the primary link and qualified-next-hop is for the secondary (WAN2); please see it in the config. So I have doubts about this too. Should I make my secondary link the next-hop and the primary the qualified-next-hop to test the connection?

    Attachment(s)

    txt
    a.txt   9 KB 1 version


  • 4.  RE: IPSec VPN, works only after "restart ipsec-key-management"

    Posted 05-15-2012 03:11

    There is a possibility that the kmd process is in a hung state.

     

    Do you see any core-dumps?

     

    AVD



  • 5.  RE: IPSec VPN, works only after "restart ipsec-key-management"

    Posted 05-15-2012 03:52

    OK, I have attached the KMD log to this thread. There are several of these "KMD_INTERNAL_ERROR: No backup peer configured in kmd_tunnel_failover" entries at random time intervals.

     

     

    In my KMD log, the following type of entry was seen 4 times before this morning's action, and has not yet been seen again in the log after that action.

     

    May 15 08:03:07 Group/Shared IKE ID VPN configured: 0
    May 15 08:03:08 Obsolete parameter length_of_local_secret is not set to zero in ssh_ike_init
    May 15 08:03:08 Obsolete parameter token_hash_type is not set to zero in ssh_ike_init
    May 15 08:03:09 KMD_INTERNAL_ERROR: iked_ifstate_eoc_handler: EOC msg received

     

    This morning around 10:15 to 10:20 I entered "restart ipsec-key-management", so I am not sure whether the following log was created before or after I entered the command.

     

    May 15 10:17:02 Group/Shared IKE ID VPN configured: 0
    May 15 10:17:02 Obsolete parameter length_of_local_secret is not set to zero in ssh_ike_init
    May 15 10:17:02 Obsolete parameter token_hash_type is not set to zero in ssh_ike_init
    May 15 10:17:02 KMD_INTERNAL_ERROR: iked_ifstate_eoc_handler: EOC msg received
    May 15 10:17:21 Group/Shared IKE ID VPN configured: 0
    May 15 10:17:21 Obsolete parameter length_of_local_secret is not set to zero in ssh_ike_init
    May 15 10:17:21 Obsolete parameter token_hash_type is not set to zero in ssh_ike_init
    May 15 10:17:21 KMD_INTERNAL_ERROR: iked_ifstate_eoc_handler: EOC msg received

    Attachment(s)

    txt
    b.txt   137 KB 1 version
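
An added example, not part of the original thread: one way to sort out what the KMD log in post 5 shows around the manual restart is to group the `ssh_ike_init` lines into bursts and count `KMD_INTERNAL_ERROR` entries by message. It assumes `ssh_ike_init` lines are logged only while kmd initializes and that the log year is 2012 (from the post date); the function names are hypothetical and the 09:12:44 timestamp is constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# KMD log lines copied from the post above.
SAMPLE_LOG = """\
May 15 08:03:07 Group/Shared IKE ID VPN configured: 0
May 15 08:03:08 Obsolete parameter length_of_local_secret is not set to zero in ssh_ike_init
May 15 08:03:08 Obsolete parameter token_hash_type is not set to zero in ssh_ike_init
May 15 08:03:09 KMD_INTERNAL_ERROR: iked_ifstate_eoc_handler: EOC msg received
May 15 10:17:02 Group/Shared IKE ID VPN configured: 0
May 15 10:17:02 Obsolete parameter length_of_local_secret is not set to zero in ssh_ike_init
May 15 10:17:02 Obsolete parameter token_hash_type is not set to zero in ssh_ike_init
May 15 10:17:02 KMD_INTERNAL_ERROR: iked_ifstate_eoc_handler: EOC msg received
May 15 10:17:21 Group/Shared IKE ID VPN configured: 0
May 15 10:17:21 Obsolete parameter length_of_local_secret is not set to zero in ssh_ike_init
May 15 10:17:21 Obsolete parameter token_hash_type is not set to zero in ssh_ike_init
May 15 10:17:21 KMD_INTERNAL_ERROR: iked_ifstate_eoc_handler: EOC msg received
"""
# Message text quoted in the post; its timestamp is constructed for this example.
SAMPLE_LOG += "May 15 09:12:44 KMD_INTERNAL_ERROR: No backup peer configured in kmd_tunnel_failover\n"

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (.*)$")
ERROR_RE = re.compile(r"KMD_INTERNAL_ERROR: (.+)")
INIT_MARKER = "in ssh_ike_init"  # assumption: only logged while kmd initializes

def parse(log_text, year=2012):
    """Yield (timestamp, message); syslog lines carry no year, so one is assumed."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)

def init_bursts(log_text, gap=timedelta(seconds=5)):
    """Start time of each init burst; marker lines within `gap` count as one burst."""
    starts, last = [], None
    for ts, msg in sorted(parse(log_text)):
        if INIT_MARKER in msg:
            if last is None or ts - last > gap:
                starts.append(ts)
            last = ts
    return starts

def error_counts(log_text):
    """Count KMD_INTERNAL_ERROR entries by message text."""
    return Counter(m.group(1) for _, msg in parse(log_text) if (m := ERROR_RE.search(msg)))

if __name__ == "__main__":
    print([t.isoformat() for t in init_bursts(SAMPLE_LOG)], dict(error_counts(SAMPLE_LOG)))
```

On the excerpt this reports three init bursts, two of them 19 seconds apart at 10:17; run against the full attached log, the burst times can be compared with when the restart command was typed.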