IPSec Phase 1 on Juniper m7i Router

08.21.09   |  
‎08-21-2009 02:24 PM

  We have an m7i router with an adaptive services module terminating IPSec VPNs.  The VPNs are assocaited with sp interfaces, we have one sp interface that is bouncing fairly regularly.  I believe the sp interface goes down when there is no active phase 1 tunnel, but I'm not certain of that.


  I don't see anything obviously wrong in the /var/kmd, or /var/messages log files.  What would be the best trouelshooting methodoligy to determine exactly what is going on?


Re: IPSec Phase 1 on Juniper m7i Router

08.22.09   |  
‎08-22-2009 05:05 AM

please share your config and log files /var/kmd and /var/messages.



Follow me on Twitter @anwar_raheel

If this post was helpful, please mark this post as an "Accepted Solution".
Kudos are always appreciated!

Re: IPSec Phase 1 on Juniper m7i Router

08.24.09   |  
‎08-24-2009 07:52 AM
We run many VPNs so the kmd and messages logs are pretty extensive.  I am attaching a text file with some KMD logs filtered to the end point IP of the VPN, at the begining of the file are messages from the messages file showing the sp interface going down, so you can correspond that with the kmd messages.  I'll also see about providing some config.  Not that the phase 1 and 2 timers are set to 300 seconds.



Re: IPSec Phase 1 on Juniper m7i Router

09.16.09   |  
‎09-16-2009 11:04 AM
The configuration is extensive, I cannot post it all, please indicate what part of the configuration specifically you'd like to see.