SRX Services Gateway
SRX Services Gateway

Re: 2 vpns issue

‎01-10-2019 03:52 AM

Do you want me to remove esp and add tcp or continue with out protocols ?

SRX Services Gateway

Re: 2 vpns issue

‎01-10-2019 04:07 AM

First of all there is no filter to match the flow 10.11.11.12/78->192.168.50.223 so please configure one if you initiate the same ping( Same source/destination IP) .

 

ALso, there are other filters which have ESP protocol, they  should not catch the clear text ping traffic matching with those IPs in the filter.

 

Thanks,

Vikas

SRX Services Gateway

Re: 2 vpns issue

‎01-10-2019 04:15 AM

could you please help me where do  i need to change ? in srx a or srx b , from below traceoption

where should i change ? srx A or srx b ?

 

srxA flow trace options (50.x , 10.11.11.11 st0.0)

    flow {
        traceoptions {
            file flow-trace size 1m files 2 world-readable;
            flag basic-datapath;
            packet-filter c2s {
                source-prefix 192.168.50.223/24;
                destination-prefix 192.168.200.0/24;
            }
            packet-filter s2c {
                source-prefix 192.168.200.0/24;
                destination-prefix 192.168.50.0/32;
            }
            packet-filter outgoing {
                source-prefix 192.168.200.0/24;
            }
            packet-filter MatchTraffic {
                source-prefix y.y.y.y/29;
                destination-prefix x,x,x,x/26;
            }
            packet-filter MatchTrafficReverse {
                source-prefix 192.168.50.223/24;
                destination-prefix 192.168.200.23/24;
            }
            packet-filter f1 {
                destination-prefix 192.168.200.0/24;
            }
            packet-filter filter1 {
                protocol esp;
                source-prefix 10.11.11.11/24;
                destination-prefix 10.11.11.12/24;
            }
            packet-filter filter2 {
                protocol esp;
                source-prefix 10.11.11.12/24;
                destination-prefix 10.11.11.11/24;
            }
            packet-filter filter3 {
                source-prefix 192.168.50.0/24;
                destination-prefix 192.168.200.0/24;
            }
            packet-filter filter4 {
                source-prefix 192.168.200.0/24;
                destination-prefix 192.168.50.0/24;
            }
        }
    }

 

srxB  (200.x n/w , 10.11.11.12 st0.0 )

 

flow {
        traceoptions {
            file trc-sec-flow size 30k files 3 world-readable;
            flag basic-datapath;
            flag packet-drops;
            packet-filter f2 {
                destination-prefix 192.168.50.0/24;
            }
            packet-filter filter1 {
                protocol esp;
                source-prefix 10.11.11.12/32;
                destination-prefix 10.11.11.11/32;
            }
            packet-filter filter2 {
                protocol esp;
                source-prefix 10.11.11.12/32;
                destination-prefix 10.11.11.11/32;
            }
            packet-filter filter3 {
                protocol tcp;
                destination-prefix y.y.y.y/32;
                destination-port ssh;
            }
            packet-filter filter4 {
                protocol tcp;
                source-prefix x.x.x.x/32;
                destination-port ssh;
            }
        }

SRX Services Gateway

Re: 2 vpns issue

‎01-10-2019 04:28 AM

changed srxA filter as follows

  packet-filter filter1 {
                protocol esp;
                source-prefix 192.168.50.223/24;
                destination-prefix 192.168.200.23/24;
            }
            packet-filter filter2 {
                protocol esp;
                source-prefix 192.168.200.23/24;
                destination-prefix 192.168.50.223/24;
            }
            packet-filter filter3 {
                source-prefix 192.168.50.0/24;
                destination-prefix 192.168.200.0/24;
            }
            packet-filter filter4 {
                source-prefix 192.168.200.0/24;
                destination-prefix 192.168.50.0/24;

 

Results : srx B

Jan 10 19:13:13 19:13:12.797924:CID-0:RT:flow_first_src_xlate: src nat returns status: 0, rule/pool id: 0/0, pst_nat: False.
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:  dip id = 0/0, 10.11.11.12/81->10.11.11.12/81 protocol 0
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT: Found tunnel for if (non-vpn or vpn without nhtb) st0.0
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:flow_first_get_tun_info: tunnel out 0x603f6660, tun id 131074
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:flow_first_get_out_ifp: tunnel out 0x603f6660, tun id 131074
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:  choose interface ge-0/0/0.0 as outgoing phy if
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:is_loop_pak: No loop: on ifp: st0.0, addr: 192.168.50.223, rtt_idx:0
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:-jsf : Alloc sess plugin info for session 339302668506
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:[JSF]Normal interest check. regd plugins 19, enabled impl mask 0x0
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:-jsf int check: plugin id  2, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:-jsf int check: plugin id  3, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:-jsf int check: plugin id  5, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:-jsf int check: plugin id  6, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:-jsf int check: plugin id  7, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:-jsf int check: plugin id  8, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:-jsf int check: plugin id 12, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:-jsf int check: plugin id 15, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:+++++++++++jsf_test_plugin_data_evh: 3
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:-jsf int check: plugin id 16, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:-jsf int check: plugin id 22, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:-jsf int check: plugin id 23, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:-jsf int check: plugin id 26, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:-jsf int check: plugin id 27, svc_req 0x0, impl mask 0x0. rc 2
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:-jsf int check: plugin id 28, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:[JSF]Plugins(0x0, count 0) enabled for session = 140055540, impli mask(0x4f), post_nat cnt 252122 svc req(0x0)
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:-jsf : no plugin interested for session 339302668506, free sess plugin info
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:flow_first_service_lookup(): natp(0x5b497fb8): app_id, 0(0).
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:  service lookup identified service 0.
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:  flow_first_final_check: in <.local..0>, out <ge-0/0/0.0>
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:flow_first_complete_session, pak_ptr: 0x5090ec98, nsp: 0x5b497fb8, in_tunnel: 0x0
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:construct v4 vector for nsp2
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:  existing vector list 0x204-0x49b21910.
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:  Session (id:252122) created for first pak 204
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:  flow_first_install_session======> 0x5b497fb8
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT: nsp 0x5b497fb8, nsp2 0x5b498038
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:  make_nsp_ready_no_resolve()
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:  route lookup: dest-ip 10.11.11.12 orig ifp .local..0 output_ifp .local..0 orig-zone 2 out-zone 2 vsd 0
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:  route to 10.11.11.12
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:no need update ha
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:Installing c2s NP session wing
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:  flow got session.
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:  flow session id 252122
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT: vector bits 0x204 vector 0x49b21910
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:ttl vector, out_tunnel = 0x603f6660
                                        
Jan 10 19:13:13 19:13:12.797924:CID-0:RTSmiley Tonguere-frag not needed: ipsize: 84, mtu: 1438, nsp2->pmtu: 1438
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:  encap vector
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:  going into tunnel 131074 (nsp_tunnel=0x603f6660).
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:  flow_encrypt: tun 0x603f6660, type 1
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:mbuf 0x4484de80, exit nh 0x390010
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT:flow_process_pkt_exception: Freeing lpak 0x5090ec98 associated with mbuf 0x4484de80
 
Jan 10 19:13:13 19:13:12.797924:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)
 
 
Jan 10 19:13:13 19:13:13.439494:CID-0:RT:jsf sess close notify
 
Jan 10 19:13:13 19:13:13.439494:CID-0:RT:flow_ipv4_del_flow: sess 477038, in hash 32
 
Jan 10 19:13:13 19:13:13.439494:CID-0:RT:flow_ipv4_del_flow: sess 477038, in hash 32
 
Jan 10 19:13:13 19:13:13.439494:CID-0:RT:jsf sess close notify
 
Jan 10 19:13:13 19:13:13.439494:CID-0:RT:flow_ipv4_del_flow: sess 428740, in hash 32
 
Jan 10 19:13:13 19:13:13.439494:CID-0:RT:flow_ipv4_del_flow: sess 428740, in hash 32
 
Jan 10 19:13:15 19:13:15.443178:CID-0:RT:jsf sess close notify
 
Jan 10 19:13:15 19:13:15.443178:CID-0:RT:flow_ipv4_del_flow: sess 402883, in hash 32
 
Jan 10 19:13:15 19:13:15.443178:CID-0:RT:flow_ipv4_del_flow: sess 402883, in hash 32
                                        
Jan 10 19:13:15 19:13:15.443178:CID-0:RT:jsf sess close notify

 

 

srx A result whin ping from B to 192.168.50.223

 

Jan 10 12:20:33 12:20:33.372160:CID-0:RT:<x.x.x.159.195/45128->x.x.x.219.249/15033;50,0x0> matched filter MatchTraffic:
 
Jan 10 12:20:33 12:20:33.372160:CID-0:RTSmiley Tongueacket [136] ipid = 46393, @0x43e1b71c
 
Jan 10 12:20:33 12:20:33.372160:CID-0:RT:---- flow_process_pkt: (thd 1): flow_ctxt type 15, common flag 0x0, mbuf 0x43e1b500, rtbl_idx = 0
 
Jan 10 12:20:33 12:20:33.372160:CID-0:RT: flow process pak fast ifl 73 in_ifp ge-0/0/0.0
 
Jan 10 12:20:33 12:20:33.372160:CID-0:RT:  ge-0/0/0.0:x.x.x.159.195->x.x.x.219.249, 50
 
Jan 10 12:20:33 12:20:33.372160:CID-0:RT: find flow: table 0x52fa0fc0, hash 56870(0xffff), sa x.x.x.159.195, da x.x.x.219.249, sp 45128, dp 15033, proto 50, tok 10, conn-tag 0x00000000
 
Jan 10 12:20:33 12:20:33.372160:CID-0:RT:Found: session id 0xb179. sess tok 10
 
Jan 10 12:20:33 12:20:33.372160:CID-0:RT:  flow got session.
 
Jan 10 12:20:33 12:20:33.372160:CID-0:RT:  flow session id 45433
 
Jan 10 12:20:33 12:20:33.372160:CID-0:RT:  slb_rs: nsp2flag = 0xffffffff, nspflag = 0x100621
 
Jan 10 12:20:33 12:20:33.372160:CID-0:RT:  spu local: nspflag = 0xffffffff
 
Jan 10 12:20:33 12:20:33.372160:CID-0:RT:  flow_decrypt: tun 0x562a5568(flag 0x82), iif 73
 
Jan 10 12:20:33 12:20:33.372160:CID-0:RT:lpak_init: lpak 0x511f7968, paksize 136, machdr 0x0, iphdr 0x43e1b71c
 
Jan 10 12:20:33 12:20:33.372160:CID-0:RT:<x.x.x.159.195/45128->x.x.x.219.249/15033;50,0x0> matched filter MatchTraffic:
 
Jan 10 12:20:33 12:20:33.372160:CID-0:RTSmiley Tongueacket [136] ipid = 46393, @0x43e1b71c
 
Jan 10 12:20:33 12:20:33.372160:CID-0:RT: ----- flow_process_pkt rc 0x11 (fp rc 0)
 
 
Jan 10 12:20:34 12:20:34.387857:CID-0:RT:<x.x.x.159.195/45128->x.x.x.219.249/15033;50,0x0> matched filter MatchTraffic:
 
Jan 10 12:20:34 12:20:34.387857:CID-0:RTSmiley Tongueacket [136] ipid = 46452, @0x43e3f91c
 
Jan 10 12:20:34 12:20:34.387857:CID-0:RT:---- flow_process_pkt: (thd 1): flow_ctxt type 15, common flag 0x0, mbuf 0x43e3f700, rtbl_idx = 0
 
Jan 10 12:20:34 12:20:34.387857:CID-0:RT: flow process pak fast ifl 73 in_ifp ge-0/0/0.0
 
Jan 10 12:20:34 12:20:34.387857:CID-0:RT:  ge-0/0/0.0:x.x.x.159.195->x.x.x.219.249, 50
 
Jan 10 12:20:34 12:20:34.387857:CID-0:RT: find flow: table 0x52fa0fc0, hash 56870(0xffff), sa x.x.x.159.195, da x.x.x.219.249, sp 45128, dp 15033, proto 50, tok 10, conn-tag 0x00000000
 
Jan 10 12:20:34 12:20:34.387857:CID-0:RT:Found: session id 0xb179. sess tok 10
 
Jan 10 12:20:34 12:20:34.387857:CID-0:RT:  flow got session.
 
Jan 10 12:20:34 12:20:34.387857:CID-0:RT:  flow session id 45433
 
Jan 10 12:20:34 12:20:34.387857:CID-0:RT:  slb_rs: nsp2flag = 0xffffffff, nspflag = 0x100621
 
Jan 10 12:20:34 12:20:34.387857:CID-0:RT:  spu local: nspflag = 0xffffffff
 
Jan 10 12:20:34 12:20:34.387857:CID-0:RT:  flow_decrypt: tun 0x562a5568(flag 0x82), iif 73
 
Jan 10 12:20:34 12:20:34.387857:CID-0:RT:lpak_init: lpak 0x511f7968, paksize 136, machdr 0x0, iphdr 0x43e3f91c
 
Jan 10 12:20:34 12:20:34.387857:CID-0:RT:<x.x.x.159.195/45128->x.x.x.219.249/15033;50,0x0> matched filter MatchTraffic:
 
Jan 10 12:20:34 12:20:34.387857:CID-0:RTSmiley Tongueacket [136] ipid = 46452, @0x43e3f91c
                                        
Jan 10 12:20:34 12:20:34.387857:CID-0:RT: ----- flow_process_pkt rc 0x11 (fp rc 0)
 
 
Jan 10 12:20:35 12:20:35.404657:CID-0:RT:<x.x.x.159.195/45128->x.x.x.219.249/15033;50,0x0> matched filter MatchTraffic:
 
Jan 10 12:20:35 12:20:35.404657:CID-0:RTSmiley Tongueacket [136] ipid = 46495, @0x43df751c
 
Jan 10 12:20:35 12:20:35.404657:CID-0:RT:---- flow_process_pkt: (thd 1): flow_ctxt type 15, common flag 0x0, mbuf 0x43df7300, rtbl_idx = 0
 
Jan 10 12:20:35 12:20:35.404657:CID-0:RT: flow process pak fast ifl 73 in_ifp ge-0/0/0.0
 
Jan 10 12:20:35 12:20:35.404657:CID-0:RT:  ge-0/0/0.0:x.x.x.159.195->x.x.x.219.249, 50
 
Jan 10 12:20:35 12:20:35.404657:CID-0:RT: find flow: table 0x52fa0fc0, hash 56870(0xffff), sa x.x.x.159.195, da x.x.x.219.249, sp 45128, dp 15033, proto 50, tok 10, conn-tag 0x00000000
 
Jan 10 12:20:35 12:20:35.404657:CID-0:RT:Found: session id 0xb179. sess tok 10
 
Jan 10 12:20:35 12:20:35.404657:CID-0:RT:  flow got session.
 
Jan 10 12:20:35 12:20:35.404657:CID-0:RT:  flow session id 45433
 
Jan 10 12:20:35 12:20:35.404657:CID-0:RT:  slb_rs: nsp2flag = 0xffffffff, nspflag = 0x100621
 
Jan 10 12:20:35 12:20:35.404657:CID-0:RT:  spu local: nspflag = 0xffffffff
 
Jan 10 12:20:35 12:20:35.404657:CID-0:RT:  flow_decrypt: tun 0x562a5568(flag 0x82), iif 73
 
Jan 10 12:20:35 12:20:35.404657:CID-0:RT:lpak_init: lpak 0x511f7968, paksize 136, machdr 0x0, iphdr 0x43df751c
 
Jan 10 12:20:35 12:20:35.404657:CID-0:RT:<x.x.x.159.195/45128->x.x.x.219.249/15033;50,0x0> matched filter MatchTraffic:
 
Jan 10 12:20:35 12:20:35.404657:CID-0:RTSmiley Tongueacket [136] ipid = 46495, @0x43df751c
 
Jan 10 12:20:35 12:20:35.404657:CID-0:RT: ----- flow_process_pkt rc 0x11 (fp rc 0)
 
 

SRX Services Gateway

Re: 2 vpns issue

‎01-10-2019 04:50 AM

Add below two filters on each SRX with /32 :

 

set security flow traceoptions packet-filter 1 source-prefix <ip you are pinging>/32
set security flow traceoptions packet-filter 2 destination-prefix <ip you are pinging>/32

 

You can delete other filters if not using to avoid unnecessary data in the logs.

 

Thanks,

Vikas

 

SRX Services Gateway

Re: 2 vpns issue

‎01-10-2019 08:25 AM

SRx A : traceflow  (Jan 10 15:52:16 15:52:16.908501:CID-0:RT:  packet dropped, denied by policy ??? why it is ? )

 

 

Jan 10 15:52:16 15:52:16.908501:CID-0:RT:[JSF] Do ingress interest check. regd ingress plugins(1)
 
Jan 10 15:52:16 15:52:16.908501:CID-0:RT:[JSF][0]plugins(0x0) enabled for session = 38654750702  implicit mask(0x0), service request(0x0)
 
Jan 10 15:52:16 15:52:16.908501:CID-0:RT:flow_first_routing: vr_id 0, call flow_route_lookup(): src_ip 10.11.11.12, x_dst_ip 192.168.50.223, in ifp st0.0, out ifp N/A sp 1603, dp 25809, ip_proto 1, tos 0
 
Jan 10 15:52:16 15:52:16.908501:CID-0:RTSmiley Very Happyoing DESTINATION addr route-lookup
 
Jan 10 15:52:16 15:52:16.908501:CID-0:RT:flow_ipv4_rt_lkup success 192.168.50.223, iifl 0x4b, oifl 0x53
 
Jan 10 15:52:16 15:52:16.908501:CID-0:RT:  routed (x_dst_ip 192.168.50.223) from vpn (st0.0 in 0) to ge-0/0/1.0, Next-hop: 192.168.50.223
 
Jan 10 15:52:16 15:52:16.908501:CID-0:RT:flow_first_policy_search: policy search from zone vpn-> zone Internal (0x0,0x64364d1,0x64d1)
 
Jan 10 15:52:16 15:52:16.908501:CID-0:RTSmiley Tongueolicy lkup: vsys 0 zone(6:vpn) -> zone(9:Internal) scope:0
 
Jan 10 15:52:16 15:52:16.908501:CID-0:RT:             10.11.11.12/2048 -> 192.168.50.223/55003 proto 1
 
Jan 10 15:52:16 15:52:16.908501:CID-0:RTSmiley Tongueolicy lkup: vsys 0 zone(5:global) -> zone(5:global) scope:0
 
Jan 10 15:52:16 15:52:16.908501:CID-0:RT:             10.11.11.12/2048 -> 192.168.50.223/55003 proto 1
 
Jan 10 15:52:16 15:52:16.908501:CID-0:RT:  app 0, timeout 60s, curr ageout 60s
 
Jan 10 15:52:16 15:52:16.908501:CID-0:RT:  packet dropped, denied by policy
 
Jan 10 15:52:16 15:52:16.908501:CID-0:RT:  denied by policy default-policy-logical-system-00(2), dropping pkt
 
Jan 10 15:52:16 15:52:16.908501:CID-0:RT:  packet dropped,  policy deny.
 
Jan 10 15:52:16 15:52:16.908501:CID-0:RT:flow_initiate_first_path: first pak no session
 
Jan 10 15:52:16 15:52:16.908501:CID-0:RT:  flow find session returns error.
 
Jan 10 15:52:16 15:52:16.908501:CID-0:RT:flow_proc_rc: -1.
 
Jan 10 15:52:16 15:52:16.908501:CID-0:RT:flow_process_pkt_exception: Freeing lpak 0x50e24ec0 associated with mbuf 0x43e0a500
 
Jan 10 15:52:16 15:52:16.908501:CID-0:RT: ----- flow_process_pkt rc 0x7 (fp rc 0)
 
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:<10.11.11.11/2261->192.168.200.23/29794;1,0x0> matched filter f2:
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RTSmiley Tongueacket [84] ipid = 30104, @0x45e9f5c1
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:---- flow_process_pkt: (thd 1): flow_ctxt type 0, common flag 0x0, mbuf 0x45e9f380, rtbl_idx = 0
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:flow process pak, mbuf 0x45e9f380, ifl 0, ctxt_type 0 inq type 5
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT: in_ifp <junos-host:.local..0>
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:flow_process_pkt_exception: setting rtt in lpak to 0x5e2412e8
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:host inq check inq_type 0x5
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:Using vr id from pfe_tag with value= 0
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:Changing lpak->in_ifp from:.local..0 -> to:.local..0
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RTSmiley Surprisedver-riding lpak->vsys with 0
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  .local..0:10.11.11.11->192.168.200.23, icmp, (8/0)
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT: find flow: table 0x52fa0fc0, hash 4866(0xffff), sa 10.11.11.11, da 192.168.200.23, sp 2261, dp 29794, proto 1, tok 2, conn-tag 0x00000000
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  no session found, start first path. in_tunnel - 0x0, from_cp_flag - 0
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  flow_first_create_session
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RTSmiley Frustratedave init hash spu id 0 to nsp and nsp2!
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RTSmiley Sadflow_first_create_session) usp_tagged set session as mng session
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:First path alloc and instl pending session, natp=0x5627acc8, id=45082
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  flow_first_in_dst_nat: in <.local..0>, out <N/A> dst_adr 192.168.200.23, sp 2261, dp 29794
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  chose interface .local..0 as incoming nat if.
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:flow_first_rule_dst_xlate: packet 10.11.11.11->192.168.200.23 nsp2 0.0.0.0->192.168.200.23.
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:-jsf : Alloc sess plugin info for session 38654750746
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:[JSF] Do ingress interest check. regd ingress plugins(1)
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:[JSF][0]plugins(0x0) enabled for session = 38654750746  implicit mask(0x0), service request(0x0)
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:flow_first_routing: vr_id 0, call flow_route_lookup(): src_ip 10.11.11.11, x_dst_ip 192.168.200.23, in ifp .local..0, out ifp N/A sp 2261, dp 29794, ip_proto 1, tos 0
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RTSmiley Very Happyoing DESTINATION addr route-lookup
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:flow_ipv4_rt_lkup success 192.168.200.23, iifl 0x0, oifl 0x4b
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:Checking in-ifp from .local..0 to st0.0 for src: 10.11.11.11 in vr_id:0
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  routed (x_dst_ip 192.168.200.23) from junos-host (.local..0 in 0) to st0.0, Next-hop: 192.168.200.23
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:flow_first_policy_search: policy search from zone junos-host-> zone vpn (0x0,0x8d57462,0x7462)
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RTSmiley Tongueolicy lkup: vsys 0 zone(2:junos-host) -> zone(6:vpn) scope:0
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:             10.11.11.11/2048 -> 192.168.200.23/5002 proto 1
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  app 0, timeout 60s, curr ageout 60s
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  permitted by policy self-traffic-policy(1)
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  packet passed, Permitted by policy.
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:flow_first_src_xlate:  nat_src_xlated: False, nat_src_xlate_failed: False
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:flow_first_src_xlate:  incoming src port is : 2261.
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:flow_first_src_xlate: src nat returns status: 0, rule/pool id: 0/0, pst_nat: False.
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  dip id = 0/0, 10.11.11.11/2261->10.11.11.11/2261 protocol 0
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RTSmiley Sadflow_first_get_tun_info) Valid IP, using IP from session
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  Doing IPSec traffic-selector match for  10.11.11.11 -> 192.168.200.23
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT: Did not find traffic-selector enabled nsp_tunnel for  st0-ifp st0.0. Finding non-traffic-selector nsp_tunnel
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT: Found non-NHTB IPSec nsp_tunnel for ifp st0.0
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT: Found IPSec nsp_tunnel 0x562a5568 for bind-ifp st0.0
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:flow_first_get_tun_info: tunnel out 0x562a5568, tun id 131073
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:flow_first_get_out_ifp: tunnel out 0x562a5568, tun id 131073, tun if ge-0/0/0.0, tun bind if st0.0
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  choose interface ge-0/0/0.0(P2P) as outgoing phy if
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:is_loop_pak: No loop: on ifp: st0.0, addr: 192.168.200.23, rtt_idx:0
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:[JSF]Normal interest check. regd plugins 31, enabled impl mask 0x0
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:+++++++++++jsf_test_plugin_data_evh: 3
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:[JSF]Plugins(0x0, count 0) enabled for session = 38654750746, impli mask(0x0), post_nat cnt 0 svc req(0x56d04640)
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:-jsf : no plugin interested for session 38654750746, free sess plugin info
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:[JSF]Releasing plugin info blocks
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:flow_first_service_lookup(): natp(0x5627acc8): app_id, 0(0).
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  service lookup identified service 0.
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  flow_first_final_check: in <.local..0>, out <ge-0/0/0.0>
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:In flow_first_complete_session
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:flow_first_complete_session, pak_ptr: 0x50e24d00, nsp: 0x5627acc8, in_tunnel: 0x0
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:construct v4 vector for nsp2 and nsp
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  existing vector list 0x204-0x4b105040.
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  existing vector list 0x204-0x4b105040.
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  Session (id:45082) created for first pak 204
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:first pak processing successful
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  flow_first_install_session======> 0x5627acc8
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT: nsp 0x5627acc8, nsp2 0x5627ad58
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  make_nsp_ready_no_resolve()
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:flow_ipv4_rt_lkup success 10.11.11.11, iifl 0x0, oifl 0x0
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  route lookup: dest-ip 10.11.11.11 orig ifp .local..0 output_ifp .local..0 orig-zone 2 out-zone 2 vsd 0
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  route to 10.11.11.11
                                        
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:no need update ha
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:Installing c2s NP session wing
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:first path session installation succeeded
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  flow got session.
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  flow session id 45082
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT: vector bits 0x204 vector 0x4b105040
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:ttl vector, out_tunnel = 0x562a5568
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RTSmiley Tonguere-frag not needed: ipsize: 84, mtu: 1438, nsp2->pmtu: 1438
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  encap vector
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  going into tunnel 131073 (nsp_tunnel=0x562a5568).
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:  flow_encrypt: tun 0x562a5568, type 1
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:mbuf 0x45e9f380, exit nh 0x260010
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT:flow_process_pkt_exception: Freeing lpak 0x50e24d00 associated with mbuf 0x45e9f380
 
Jan 10 15:52:17 15:52:17.468897:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)

 

 

SRX B  , from srxA ping 192.168.200.23

 

Jan 10 23:12:00 23:11:57.441496:CID-0:RT: jsf sess destroy notify plugin id 22. rc 0
 
Jan 10 23:12:00 23:11:57.441496:CID-0:RT:jsf sess destroy notify
 
Jan 10 23:12:00 23:11:57.441496:CID-0:RT:[JSF] set ext handle 0x0 for plugin 22 on session 360777429824
 
Jan 10 23:12:00 23:11:57.441496:CID-0:RT: jsf sess destroy notify plugin id 22. rc 0
 
Jan 10 23:12:00 23:11:57.441496:CID-0:RT:jsf sess destroy notify
 
Jan 10 23:12:00 23:11:57.441496:CID-0:RT:[JSF] set ext handle 0x0 for plugin 22 on session 356482698312
 
Jan 10 23:12:00 23:11:57.441496:CID-0:RT: jsf sess destroy notify plugin id 22. rc 0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:<192.168.200.19/54246->8.8.8.8/53;17> matched filter f1:
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RTSmiley Tongueacket [57] ipid = 20392, @0x4365119e
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:---- flow_process_pkt: (thd 1): flow_ctxt type 15, common flag 0x0, mbuf 0x43650f80, rtbl_idx = 0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT: flow process pak fast ifl 72 in_ifp ge-0/0/1.0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT: find flow: table 0x5088de78, hash 33103(0xffff), sa 192.168.200.19, da 8.8.8.8, sp 54246, dp 53, proto 17, tok 6
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  flow_first_create_session
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  flow_first_in_dst_nat: in <ge-0/0/1.0>, out <N/A> dst_adr 8.8.8.8, sp 54246, dp 53
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  chose interface ge-0/0/1.0 as incoming nat if.
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:flow_first_rule_dst_xlate: DST no-xlate: 0.0.0.0(0) to 8.8.8.8(53)
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:flow_first_routing: vr_id 0, call flow_route_lookup(): src_ip 192.168.200.19, x_dst_ip 8.8.8.8, in ifp ge-0/0/1.0, out ifp N/A sp 54246, dp 53, ip_proto 17, tos 0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RTSmiley Very Happyoing DESTINATION addr route-lookup
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  routed (x_dst_ip 8.8.8.8) from Internal (ge-0/0/1.0 in 0) to ge-0/0/0.0, Next-hop: x.x.x.159.193
                                        
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:flow_first_policy_search: policy search from zone Internal-> zone Internet (0x0,0xd3e60035,0x35)
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RTSmiley Tongueolicy lkup: vsys 0 zone(6:Internal) -> zone(7:Internet) scope:0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:             192.168.200.19/54246 -> 8.8.8.8/53 proto 17
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  app 16, timeout 60s, curr ageout 60s
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  permitted by policy All_Internal_Internet(4)
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  packet passed, Permitted by policy.
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:flow_first_src_xlate:  nat_src_xlated: False, nat_src_xlate_failed: False
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:flow_first_src_xlate: src nat returns status: 1, rule/pool id: 1/2, pst_nat: False.
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  dip id = 2/0, 192.168.200.19/54246->x.x.x.159.195/24766 protocol 17
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  choose interface ge-0/0/0.0 as outgoing phy if
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:is_loop_pak: No loop: on ifp: ge-0/0/0.0, addr: 8.8.8.8, rtt_idx:0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf : Alloc sess plugin info for session 360777428649
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:[JSF]Normal interest check. regd plugins 19, enabled impl mask 0x0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id  2, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id  3, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id  5, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id  6, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id  7, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id  8, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id 12, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id 15, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:+++++++++++jsf_test_plugin_data_evh: 3
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id 16, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT: Allocating plugin info block for plugin(22)
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:[JSF] set ext handle 0x49b85010 for plugin 22 on session 360777428649
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id 22, svc_req 0x4, impl mask 0x0. rc 3
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id 23, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id 26, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id 27, svc_req 0x0, impl mask 0x0. rc 2
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id 28, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:[JSF]Plugins(0x4, count 0) enabled for session = 4294967296, impli mask(0x54), post_nat cnt 175785 svc req(0x0)
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:[JSF]c2s order list:
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:               22
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:[JSF]s2c order list:
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:               22
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  service lookup identified service 16.
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  flow_first_final_check: in <ge-0/0/1.0>, out <ge-0/0/0.0>
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:flow_first_final_check: flow_set_xlate_vector.
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:flow_first_complete_session, pak_ptr: 0x5090f090, nsp: 0x59365870, in_tunnel: 0x0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:construct v4 vector for nsp2
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  existing vector list 0x9080-0x48bddd10.
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  Session (id:175785) created for first pak 9080
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  flow_first_install_session======> 0x59365870
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT: nsp 0x59365870, nsp2 0x593658f0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  make_nsp_ready_no_resolve()
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  route lookup: dest-ip 192.168.200.19 orig ifp ge-0/0/1.0 output_ifp ge-0/0/1.0 orig-zone 6 out-zone 6 vsd 0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  route to 192.168.200.19
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RTSmiley Very Happyoing jsf sess create notify
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf create notify: plugin id 22. rc 3
                                        
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:flow_do_jsf_notify_session_creation(): natp(0x59365870): 0 SHORT_CIRCUITED: 0x00000000.
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:no need update ha
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:Installing c2s NP session wing
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:Installing s2c NP session wing
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  flow got session.
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT: flow fast tcp/udp session id 175785
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT: vector bits 0x9080 vector 0x48bddd10
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT: ****jsf svc chain: sess id 175785, dir 1, nat_done 0, pak pid 0, first pid 22
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT: plugin id 22. action 0, stbuf 0x0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT: jsf reinj pak pid 22, dir 1, jbuf 0x62b1f0f8, release hold 0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:jsf_inject_pkt_to_flow: Fill in flow_ctxt->rtbl_idx(0) based on natp, cos 0.
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RTSmiley TongueKT-PROC for plugin 22 jbuf 0x62b1fbf8, sess jsf flags 0x0, rc 7
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT: ----- flow_process_pkt rc 0x7 (fp rc -1)
 
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:<192.168.200.19/17489->8.8.8.8/53;17> matched filter f1:
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RTSmiley Tongueacket [57] ipid = 20393, @0x4362be9e
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:---- flow_process_pkt: (thd 1): flow_ctxt type 15, common flag 0x0, mbuf 0x4362bc80, rtbl_idx = 0
                                        
Jan 10 23:12:00 23:11:57.466460:CID-0:RT: flow process pak fast ifl 72 in_ifp ge-0/0/1.0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT: find flow: table 0x5088de78, hash 58183(0xffff), sa 192.168.200.19, da 8.8.8.8, sp 17489, dp 53, proto 17, tok 6
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  flow_first_create_session
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  flow_first_in_dst_nat: in <ge-0/0/1.0>, out <N/A> dst_adr 8.8.8.8, sp 17489, dp 53
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  chose interface ge-0/0/1.0 as incoming nat if.
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:flow_first_rule_dst_xlate: DST no-xlate: 0.0.0.0(0) to 8.8.8.8(53)
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:flow_first_routing: vr_id 0, call flow_route_lookup(): src_ip 192.168.200.19, x_dst_ip 8.8.8.8, in ifp ge-0/0/1.0, out ifp N/A sp 17489, dp 53, ip_proto 17, tos 0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RTSmiley Very Happyoing DESTINATION addr route-lookup
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  routed (x_dst_ip 8.8.8.8) from Internal (ge-0/0/1.0 in 0) to ge-0/0/0.0, Next-hop: x.x.x.159.193
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:flow_first_policy_search: policy search from zone Internal-> zone Internet (0x0,0x44510035,0x35)
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RTSmiley Tongueolicy lkup: vsys 0 zone(6:Internal) -> zone(7:Internet) scope:0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:             192.168.200.19/17489 -> 8.8.8.8/53 proto 17
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  app 16, timeout 60s, curr ageout 60s
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  permitted by policy All_Internal_Internet(4)
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  packet passed, Permitted by policy.
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:flow_first_src_xlate:  nat_src_xlated: False, nat_src_xlate_failed: False
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:flow_first_src_xlate: src nat returns status: 1, rule/pool id: 1/2, pst_nat: False.
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  dip id = 2/0, 192.168.200.19/17489->x.x.x.159.195/4315 protocol 17
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  choose interface ge-0/0/0.0 as outgoing phy if
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:is_loop_pak: No loop: on ifp: ge-0/0/0.0, addr: 8.8.8.8, rtt_idx:0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf : Alloc sess plugin info for session 356482804594
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:[JSF]Normal interest check. regd plugins 19, enabled impl mask 0x0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id  2, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id  3, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id  5, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id  6, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id  7, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id  8, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id 12, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id 15, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:+++++++++++jsf_test_plugin_data_evh: 3
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id 16, svc_req 0x0, impl mask 0x0. rc 4
                                        
Jan 10 23:12:00 23:11:57.466460:CID-0:RT: Allocating plugin info block for plugin(22)
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:[JSF] set ext handle 0x49b00618 for plugin 22 on session 356482804594
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id 22, svc_req 0x4, impl mask 0x0. rc 3
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id 23, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id 26, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id 27, svc_req 0x0, impl mask 0x0. rc 2
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf int check: plugin id 28, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:[JSF]Plugins(0x4, count 0) enabled for session = 4294967296, impli mask(0x53), post_nat cnt 519026 svc req(0x0)
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:[JSF]c2s order list:
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:               22
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:[JSF]s2c order list:
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:               22
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  service lookup identified service 16.
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  flow_first_final_check: in <ge-0/0/1.0>, out <ge-0/0/0.0>
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:flow_first_final_check: flow_set_xlate_vector.
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:flow_first_complete_session, pak_ptr: 0x5090f090, nsp: 0x628a9e78, in_tunnel: 0x0
                                        
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:construct v4 vector for nsp2
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  existing vector list 0x9080-0x48bddd10.
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  Session (id:519026) created for first pak 9080
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  flow_first_install_session======> 0x628a9e78
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT: nsp 0x628a9e78, nsp2 0x628a9ef8
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  make_nsp_ready_no_resolve()
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  route lookup: dest-ip 192.168.200.19 orig ifp ge-0/0/1.0 output_ifp ge-0/0/1.0 orig-zone 6 out-zone 6 vsd 0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  route to 192.168.200.19
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RTSmiley Very Happyoing jsf sess create notify
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf create notify: plugin id 22. rc 3
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:flow_do_jsf_notify_session_creation(): natp(0x628a9e78): 0 SHORT_CIRCUITED: 0x00000000.
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:no need update ha
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:Installing c2s NP session wing
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:Installing s2c NP session wing
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  flow got session.
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT: flow fast tcp/udp session id 519026
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT: vector bits 0x9080 vector 0x48bddd10
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT: ****jsf svc chain: sess id 519026, dir 1, nat_done 0, pak pid 0, first pid 22
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT: plugin id 22. action 0, stbuf 0x0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT: jsf reinj pak pid 22, dir 1, jbuf 0x62b1f1f8, release hold 0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:jsf_inject_pkt_to_flow: Fill in flow_ctxt->rtbl_idx(0) based on natp, cos 0.
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RTSmiley TongueKT-PROC for plugin 22 jbuf 0x62b1fcf8, sess jsf flags 0x0, rc 7
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT: ----- flow_process_pkt rc 0x7 (fp rc -1)
 
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:<192.168.200.19/29940->8.8.8.8/53;17> matched filter f1:
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RTSmiley Tongueacket [57] ipid = 20394, @0x4362d81e
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:---- flow_process_pkt: (thd 1): flow_ctxt type 15, common flag 0x0, mbuf 0x4362d600, rtbl_idx = 0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT: flow process pak fast ifl 72 in_ifp ge-0/0/1.0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT: find flow: table 0x5088de78, hash 11337(0xffff), sa 192.168.200.19, da 8.8.8.8, sp 29940, dp 53, proto 17, tok 6
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  flow_first_create_session
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  flow_first_in_dst_nat: in <ge-0/0/1.0>, out <N/A> dst_adr 8.8.8.8, sp 29940, dp 53
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  chose interface ge-0/0/1.0 as incoming nat if.
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:flow_first_rule_dst_xlate: DST no-xlate: 0.0.0.0(0) to 8.8.8.8(53)
                                        
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:flow_first_routing: vr_id 0, call flow_route_lookup(): src_ip 192.168.200.19, x_dst_ip 8.8.8.8, in ifp ge-0/0/1.0, out ifp N/A sp 29940, dp 53, ip_proto 17, tos 0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RTSmiley Very Happyoing DESTINATION addr route-lookup
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  routed (x_dst_ip 8.8.8.8) from Internal (ge-0/0/1.0 in 0) to ge-0/0/0.0, Next-hop: x.x.x.159.193
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:flow_first_policy_search: policy search from zone Internal-> zone Internet (0x0,0x74f40035,0x35)
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RTSmiley Tongueolicy lkup: vsys 0 zone(6:Internal) -> zone(7:Internet) scope:0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:             192.168.200.19/29940 -> 8.8.8.8/53 proto 17
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  app 16, timeout 60s, curr ageout 60s
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  permitted by policy All_Internal_Internet(4)
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  packet passed, Permitted by policy.
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:flow_first_src_xlate:  nat_src_xlated: False, nat_src_xlate_failed: False
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:flow_first_src_xlate: src nat returns status: 1, rule/pool id: 1/2, pst_nat: False.
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  dip id = 2/0, 192.168.200.19/29940->x.x.x.159.195/15707 protocol 17
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:  choose interface ge-0/0/0.0 as outgoing phy if
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:is_loop_pak: No loop: on ifp: ge-0/0/0.0, addr: 8.8.8.8, rtt_idx:0
 
Jan 10 23:12:00 23:11:57.466460:CID-0:RT:-jsf : Alloc sess plugin info for session 360777284328
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:flow_first_policy_search: policy search from zone Internal-> zone Internet (0x0,0xb6b80035,0x35)
                                        
Jan 10 23:12:00 23:11:58.624697:CID-0:RTSmiley Tongueolicy lkup: vsys 0 zone(6:Internal) -> zone(7:Internet) scope:0
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:             192.168.200.19/46776 -> 8.8.8.8/53 proto 17
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:  app 16, timeout 60s, curr ageout 60s
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:  permitted by policy All_Internal_Internet(4)
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:  packet passed, Permitted by policy.
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:flow_first_src_xlate:  nat_src_xlated: False, nat_src_xlate_failed: False
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:flow_first_src_xlate: src nat returns status: 1, rule/pool id: 1/2, pst_nat: False.
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:  dip id = 2/0, 192.168.200.19/46776->x.x.x.159.195/28546 protocol 17
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:  choose interface ge-0/0/0.0 as outgoing phy if
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:is_loop_pak: No loop: on ifp: ge-0/0/0.0, addr: 8.8.8.8, rtt_idx:0
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:-jsf : Alloc sess plugin info for session 356482678341
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:[JSF]Normal interest check. regd plugins 19, enabled impl mask 0x0
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:-jsf int check: plugin id  2, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:-jsf int check: plugin id  3, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:-jsf int check: plugin id  5, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:-jsf int check: plugin id  6, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:-jsf int check: plugin id  7, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:-jsf int check: plugin id  8, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:-jsf int check: plugin id 12, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:-jsf int check: plugin id 15, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:+++++++++++jsf_test_plugin_data_evh: 3
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:-jsf int check: plugin id 16, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT: Allocating plugin info block for plugin(22)
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:[JSF] set ext handle 0x49b43040 for plugin 22 on session 356482678341
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:-jsf int check: plugin id 22, svc_req 0x4, impl mask 0x0. rc 3
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:-jsf int check: plugin id 23, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:-jsf int check: plugin id 26, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:-jsf int check: plugin id 27, svc_req 0x0, impl mask 0x0. rc 2
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:-jsf int check: plugin id 28, svc_req 0x0, impl mask 0x0. rc 4
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:[JSF]Plugins(0x4, count 0) enabled for session = 4294967296, impli mask(0x53), post_nat cnt 392773 svc req(0x0)
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:[JSF]c2s order list:
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:               22
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:[JSF]s2c order list:
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:               22
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:  service lookup identified service 16.
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:  flow_first_final_check: in <ge-0/0/1.0>, out <ge-0/0/0.0>
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:flow_first_final_check: flow_set_xlate_vector.
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:flow_first_complete_session, pak_ptr: 0x5090f090, nsp: 0x5f1c2650, in_tunnel: 0x0
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:construct v4 vector for nsp2
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:  existing vector list 0x9080-0x48bddd10.
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:  Session (id:392773) created for first pak 9080
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:  flow_first_install_session======> 0x5f1c2650
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT: nsp 0x5f1c2650, nsp2 0x5f1c26d0
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:  make_nsp_ready_no_resolve()
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:  route lookup: dest-ip 192.168.200.19 orig ifp ge-0/0/1.0 output_ifp ge-0/0/1.0 orig-zone 6 out-zone 6 vsd 0
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:  route to 192.168.200.19
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RTSmiley Very Happyoing jsf sess create notify
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:-jsf create notify: plugin id 22. rc 3
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:flow_do_jsf_notify_session_creation(): natp(0x5f1c2650): 0 SHORT_CIRCUITED: 0x00000000.
                                        
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:no need update ha
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:Installing c2s NP session wing
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:Installing s2c NP session wing
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:  flow got session.
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT: flow fast tcp/udp session id 392773
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT: vector bits 0x9080 vector 0x48bddd10
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT: ****jsf svc chain: sess id 392773, dir 1, nat_done 0, pak pid 1738063392, first pid 22
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT: plugin id 22. action 0, stbuf 0x0
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT: jsf reinj pak pid 22, dir 1, jbuf 0x62b3c078, release hold 0
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:jsf_inject_pkt_to_flow: Fill in flow_ctxt->rtbl_idx(0) based on natp, cos 0.
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RTSmiley TongueKT-PROC for plugin 22 jbuf 0x62b3abf8, sess jsf flags 0x0, rc 7
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT: ----- flow_process_pkt rc 0x7 (fp rc -1)
 
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:<192.168.200.19/16172->8.8.8.8/53;17> matched filter f1:
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RTSmiley Tongueacket [57] ipid = 20710, @0x435cf79e
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:---- flow_process_pkt: (thd 1): flow_ctxt type 15, common flag 0x0, mbuf 0x435cf580, rtbl_idx = 0
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT: flow process pak fast ifl 72 in_ifp ge-0/0/1.0
                                        
Jan 10 23:12:00 23:11:58.624697:CID-0:RT: find flow: table 0x5088de78, hash 35820(0xffff), sa 192.168.200.19, da 8.8.8.8, sp 16172, dp 53, proto 17, tok 6
 
Jan 10 23:12:00 23:11:58.624697:CID-0:RT:  flow_first_create_session
 
Rotating trace files

 

SRX Services Gateway

Re: 2 vpns issue

[ Edited ]
‎01-10-2019 09:05 AM

Hi thnx for you help, as you mentioned i have added trace flow and found that  SrxA " denied by policy default-policy-logical-system-00(2), dropping pkt " and googled , then i have added Internal-Internal policy  in both srxA & B , immediatly st0.0 interface started pinging and st0.2 (second vpn working as unstable... ipsec sa going down and coming back, its not stable )

     why its happening , can't i use both at a same time ? 

SRX Services Gateway

Re: 2 vpns issue

‎01-10-2019 11:07 AM

Hi ,

    

    First vpn is up but second vpn gone, it is unstable ? ipsec sa is up but going down and coming back, its unstable