02-21-2012 02:08 AM - edited 02-21-2012 02:12 AM
I have assigned it to the security zone and to the virtual router. For some reason it doesn't come up.
I have assigned it an IP address too. Any idea as to why it's not coming up?
02-21-2012 06:34 AM
Hi,
Check whether the VPN to which the st0 interface is bound is up or down. If the associated VPN is down, st0.0 will be down.
In case the VPN is up and you still see st0.0 down, do attach your configuration.
Hope this helps.
Regards,
Visitor
02-21-2012 02:12 PM
Hello, there could be many reasons for this.
What device on the "other" side are you trying to do a route-based VPN to?
If it's a Juniper SRX you should be fine with the standard proposals.
If it's a Juniper SSG box some tuning is in order.
If it's a Checkpoint box some tuning is for sure going to be needed.
IKE phase 1 proposals not matching
preshared keys not matching
PFS settings, AES128 or AES256 or DH group 2 or group 5 etc etc.
One thing I always configure is this: establish-tunnels immediately
It's under this: edit security ipsec vpn NONAME
This way the box always tries to negotiate to bring the tunnel up at regular intervals.
As the former poster said, attach your configuration so we can help you better.
Regards
-John
02-22-2012 02:26 AM
Thanks for the responses. The KMD log file was showing TIMEOUT messages and it was because of the incorrect pre-shared key.
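The checks from this thread collected into one Junos sketch, as an added example that is not from any of the posters: the configuration pieces st0.0 depends on, then the operational commands that show where the tunnel is failing. The names IKE-POL, IPSEC-POL, GW-PEER and VPN-ZONE, the interface ge-0/0/0.0, the 192.0.2.x addresses and the key placeholder are assumptions; NONAME and st0.0 are taken from the posts. Lines starting with # are annotations.

```junos
# --- configuration mode ---
# st0.0 needs an address and a security zone (already done by the original poster)
set interfaces st0 unit 0 family inet address 192.0.2.129/30
set security zones security-zone VPN-ZONE interfaces st0.0

# IKE phase 1: the proposal set and the pre-shared key must match the peer exactly
set security ike policy IKE-POL mode main
set security ike policy IKE-POL proposal-set standard
set security ike policy IKE-POL pre-shared-key ascii-text "<same-key-as-configured-on-peer>"
set security ike gateway GW-PEER ike-policy IKE-POL
set security ike gateway GW-PEER address 192.0.2.2
set security ike gateway GW-PEER external-interface ge-0/0/0.0

# IPsec phase 2: encryption, DH group and PFS settings must also match the peer
set security ipsec policy IPSEC-POL proposal-set standard

# st0.0 follows the state of the VPN bound to it
set security ipsec vpn NONAME bind-interface st0.0
set security ipsec vpn NONAME ike gateway GW-PEER
set security ipsec vpn NONAME ike ipsec-policy IPSEC-POL
# negotiate without waiting for traffic, as suggested in the thread
set security ipsec vpn NONAME establish-tunnels immediately

# --- operational mode ---
# no phase 1 SA: look at proposals, peer address and pre-shared key
show security ike security-associations
# phase 1 up but no phase 2 SA: look at the IPsec proposal and PFS settings
show security ipsec security-associations
# link state of the tunnel interface itself
show interfaces st0.0 terse
# the KMD log is where the TIMEOUT messages in this thread appeared
show log kmd | match TIMEOUT
```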