Message Image

Skip main navigation (Press Enter).

SRX

last person joined: yesterday

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Back to discussions

Expand all | Collapse all

Reboot Required to reactivate the IPSec/VPN

Jump to Best Answer

Erdem04-17-2014 03:26

Hi, The SRX240H cluster is connected with an SRX1400 through the IPSec/VPN, the SRX240H is connected ...

Erdem04-17-2014 08:07Best Answer

Hello, Did you configured RETH interface as external interface for VPN ? Could you please share ...

Erdem04-17-2014 14:23

Until you figure out the reason for the tunnel not coming up I have learned that instead of rebooting ...

1. Reboot Required to reactivate the IPSec/VPN

0 Recommend
Erdem
Posted 04-17-2014 03:26

Reply Reply Privately
Hi,

The SRX240H cluster is connected with an SRX1400 through the IPSec/VPN, the SRX240H is connected also with the an ISP , when the link between the ISP and the SRX240H flap (becomes down then up ) the vpn becomes automatically down , so we have to reboot the SRX240H cluster TWICE to get the IPSec/VPN.
2. RE: Reboot Required to reactivate the IPSec/VPN
Best Answer

0 Recommend
Erdem
Posted 04-17-2014 08:07

Reply Reply Privately
Hello,

Did you configured RETH interface as external interface for VPN ?

Could you please share the configuration ?

Do you see both IKE and IPSec SA down while vpn traffic fails ?
3. RE: Reboot Required to reactivate the IPSec/VPN

0 Recommend
Erdem
Posted 04-17-2014 14:23

Reply Reply Privately
Until you figure out the reason for the tunnel not coming up I have learned that instead of rebooting the device you can issue the following command to "kick" the ipsec renegotiation to bring the tunnel back up instead of rebooting.

From the cli: restart ipsec-key-management immediately

Note this will kick all tunnels, but they should come up quickly assuming you don't have a ton of tunnels.

Hopefully that keeps you from having to wait on JunOS to boot.

Powered by Higher Logic