SRX Services Gateway
Highlighted
SRX Services Gateway

2 ipsec between SRX650 and SRX100

‎08-20-2015 11:02 PM

Hi.
We have two ipsec tunnel between the SRX650 and SRX100. In SRX650 WAN ip - AAA.AAA.AAA.AAA, SRX100 have two WAN: primary - 111.111.111.111, secondary - 222.222.222.222. After upgrading from version SRX650 11.4R13.5 to 12.1X46-D35, ipsec tunnels stopped working. On the SRX650 in logs ike/ipsec appears:

[Aug 18 16:18:59]Deleted (spi=0xaa71ead1, protocol=ESP dst=AAA.AAA.AAA.AAA) entry from the peer hash table. Reason: Duplicated remote user
[Aug 18 16:18:59]Deleted (spi=0xa08b0d8b, protocol=ESP dst=111.111.111.111) entry from the peer hash table. Reason: Duplicated remote user
[Aug 18 16:19:05]Deleted (spi=0x7399bee, protocol=ESP dst=AAA.AAA.AAA.AAA) entry from the peer hash table. Reason: Duplicated remote user
[Aug 18 16:19:05]Deleted (spi=0xe0fd3cb0, protocol=ESP dst=222.222.222.222) entry from the peer hash table. Reason: Duplicated remote user
[Aug 18 16:19:09]Deleted (spi=0xeb3cf7da, protocol=ESP dst=AAA.AAA.AAA.AAA) entry from the peer hash table. Reason: Duplicated remote user
[Aug 18 16:19:09]Deleted (spi=0xa082c82c, protocol=ESP dst=111.111.111.111) entry from the peer hash table. Reason: Duplicated remote user

What could be the problem?

 

thx.

Attachments

1 REPLY 1
Highlighted
SRX Services Gateway

Re: 2 ipsec between SRX650 and SRX100

‎08-22-2015 11:06 PM

try to look into this direction.

 

[Aug 18 16:38:35]Successfully added ipsec SA PAIR
[Aug 18 16:38:35]iked_nhtb_add_entry: Not adding NHTB entry to kernel as IKED_NHTB_IN_KERNEL is set
[Aug 18 16:38:35]ike_st_o_qm_wait_done: Marking for waiting for done
Feedback