SRX Services Gateway
Reply
Visitor
_S_S_S_
Posts: 2
Registered: ‎06-06-2012
0

srx 650 dynamic vpn license problem

Hi

 

I'm having some serious problems with our srx 650 dynamic  vpn. For some reason the firewall doesn't release the licenses and the users keep getting the error "firewall is out of licenses". We have 25 licenses installed and I am positively sure that all of them is not being used in the middle of the night. Can anyone tell me how to release the licenses without rebooting? I've tried the following:

 

restart ipsec-key-management

restart web-management
clear security ipsec security-associations
I've also renamed the file:
/var/db/dynamic-vpn-ipsec/tokens-info 
but nothing seems to help.
If i run the command show system license it shows that I have 25 licenses and used. Any help would be seriously appreciated.
Sakari
Super Contributor
johnrbaker
Posts: 210
Registered: ‎02-17-2011
0

Re: srx 650 dynamic vpn license problem

What version of Junos are you running?

 

There was a know issue with the licences not being released correctly, but this has been fixed in recent releases.

Distinguished Expert
MMcD
Posts: 623
Registered: ‎07-20-2010
0

Re: srx 650 dynamic vpn license problem

As John said various versions have the licencing not releasing issue.  I know 11.1 R4.4 works if you are around or close to that version it may be worthwhile upgrading/downgrading.

 

You could try the following also:

 

user@srx>show security dynamic-vpn users
user@srx>clear security dynamic-vpn user ike-id "IKE ID" "Username"


user@srx> start shell
user@srx% rm -rf /var/db/dynamic-vpn-ipsec/tokens-info

restart web-management

MMcD [JNCIP-SEC, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]
Contributor
gosi
Posts: 82
Registered: ‎12-11-2009
0

Re: srx 650 dynamic vpn license problem

[ Edited ]

Hi,

 

this is a known issue. https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR710519 and https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR735615&viewlocale=en_US

 

Actually there is no fix availible at the moment (jtac information). It is fixed in 12.3 and they are still investigating if this fix can be ported to earlier releases.

 

I got following workaround from them:

 

1. delete /var/db/dynamic-vpn-ipsec/tokens-info
2. perform this cli command: cli> restart web-management
3. uninstall the license and install it back in

 

What is also working for one customer with a SRX100 is to reboot the system. But i think in your case this is no option for a SRX650 ;-).

 

Maybe you can open another case and refer to my case (Case #2012-0425-0410).

 

Visitor
_S_S_S_
Posts: 2
Registered: ‎06-06-2012
0

Re: srx 650 dynamic vpn license problem

[ Edited ]

I'm running 11.4R2.14. We had problems with the earlier versions also so I can't use them either. And  only 11 and above have all the features I need. I've been waiting a working version for over two years now.

 

Even after i unistalled the license and installed it back they were marked as used. It seems that nothing else than a reboot works so i guess i'll have to do it every night. But thank you all for you help

 

Visitor
Vesna
Posts: 1
Registered: ‎11-16-2011
0

Re: srx 650 dynamic vpn license problem

I am facing with the same problem for the srx220h and JUNOS Software Release [11.4R4.4].

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.