SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Need help! VPN tunnel is up but st0.0 interface is up/down

    Posted 12-01-2016 13:52

    Phase 1 & 2 are good, can see active tunnels.

    VPN was working before, then all of a sudden stopped working. Bouncing the interface on both ends made the tunnel come back up. But servers behind the firewall cannot ping each other anymore. The firewall at the other end cannot ping the server.

     

    Show interface terse shows st0.0 up/down. 

     

    How do I bring this interface up?



  • 2.  RE: Need help! VPN tunnel is up but st0.0 interface is up/down
    Best Answer

     
    Posted 12-01-2016 19:19

    Try "restart ipsec-key-management"; if that doesn't fix it, please share the output below along with your config.

     

    > show log kmd

     



  • 3.  RE: Need help! VPN tunnel is up but st0.0 interface is up/down

    Posted 12-02-2016 06:40

    I cannot believe it... I actually already tried that before posting on here and the interface still wouldn't come up.

    Tried again and voila... it's back up! It's so weird. Is there an explanation for this?

     

    Thanks a lot!



  • 4.  RE: Need help! VPN tunnel is up but st0.0 interface is up/down

    Posted 12-02-2016 02:34

    Are you running VPN monitor options?  This will bring down VPN interfaces when they fail the monitor test.

     

    If not, I think your best bet for a root cause here will be setting up trace options and getting these logs. This is the route-based VPN trace logs setup. These should give us the specific reason the SRX is taking down the interface.

     

    https://kb.juniper.net/InfoCenter/index?page=content&id=kb21781#IpsecRouteBased