Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  VPN/Routing troubles

    Posted 12-10-2010 04:42

    I have two networks, in two different locations connected by a point-to-point MetroE. I have SSG 140's configured on each side:

     

    Building A

    Eth 0/4 10.0.100.1/24 Trust zone

    Eth 0/7 10.0.200.1/30 Trust Zone (connected to P2P MetroE)

    Route 10.0.200.0/30 C Eth0/7

    Route 10.0.200.1/32 H

     

    Building B

    Eth 0/4 10.0.110.1/24 Trust zone

    Eth 0/2 10.0.200.2/30 Trust Zone (connected to P2P MetroE)

    Route 10.0.200.0/30 C Eth 0/2

    Route 10.0.200.2/32 H

     

    Gateways and AutoIKE is all configured correctly - the tunnel I created came up and was working great. Lasted about 18 hours, then went down. I assumed the ISP was having issues, but they say everything is fine, they can ping both side of the tunnel they created for my P2P. Any ideas?



  • 2.  RE: VPN/Routing troubles

    Posted 12-10-2010 17:29

    Hi,

     

    I would start by checking phase 1 with "get ike cookie", then phase 2 with "get sa", and then the event log "get event".  If all else fails and you need to troubleshoot further, a debug ike all is best on the responder while pinging from the remote site.  I've included two links below that may help as well.  Feel free to share your results.

     

    http://kb.juniper.net/kb/documents/public/resolution_path/J_FW_VPN_Config_or_Trblsh.htm

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB6283&actp=search&viewlocale=en_US&searchid=1292030639959

     

    -John



  • 3.  RE: VPN/Routing troubles
    Best Answer

    Posted 12-13-2010 10:05

    All is solved, turns out it was a bad cable.... go figure. thansk for the help!