SRX Services Gateway
Reply
Contributor
viks_a
Posts: 48
Registered: ‎05-07-2011
0

st0.0 interface shows Link Down on srx 240 running 11.1 R6.4

[ Edited ]

I have assigned to the security zone and to the virtual router. for some reason it doesn't come up :smileysad:

 

 

I have assigned it an ip address too, any idea as to why it's not coming up ?

Recognized Expert
Visitor
Posts: 121
Registered: ‎08-30-2010
0

Re: st0.0 interface shows Link Down on srx 240 running 11.1 R6.4

Hi ,

 

Check the vpn on which st0 interface binded is up/down. If the vpn associated is down the st0.0 will be down.

In case the vpn is up and you still see st0.0 down, do attach your configuration.

 

Hope this helps.

 

Regards,

Visitor

--------------------------------------------------​--------------------------------------------------​---

If this post was helpful, please mark this post as an "Accepted Solution".Kudos are always appreciated!

 
Contributor
kalleanka99
Posts: 24
Registered: ‎05-25-2011
0

Re: st0.0 interface shows Link Down on srx 240 running 11.1 R6.4

Hello, there could be many reasons for this.

 

What device on the "other" side are you trying todo a route-based VPN to?

 

If's a Juniper SRX you should be fine with the standard proposals.

If it's a Juniper SSG box some tuning is in order. 

If it's a Checkpoint box some tuning is for sure going to be needed. 

 

IKE phase 1 propoals not matching

preshared keys not matching 

PFS settings, AES128 or AES256 or DH group 2 or group 5 etc etc.

 

One thing I always configure is this: establish-tunnels immediately

It's under this: edit security ipsec vpn NONAME

 

This the box always tries to negotiate to brind the tunnel up with regular intervals.

 

As the former poster said attach your configuration so we can help you better.

 

Regards

 

-John

 

 

 

JNCIP-SEC
Contributor
viks_a
Posts: 48
Registered: ‎05-07-2011
0

Re: st0.0 interface shows Link Down on srx 240 running 11.1 R6.4

thanks for the responses. KMD log file was showing TIMEOUT messages and  it was because of the incorrect pre-shared key :smileysad:.

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.