SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  SRX 1400 "max initiated negotiations in progress"

    Posted 10-06-2017 14:26

    Short question: Does anyone have any idea what causes SRX 1400 to only log this with ike debug enabled, not bringing up a VPN tunnel?

     

    [Oct 6 13:22:29 PIC 1/1/0 KMD2][234.234.234.234 <-> 123.123.123.123] Reached max initiated negotiations in progress. Ignoring the request to trigger new negotiation
    [Oct 6 13:22:33 PIC 1/1/0 KMD2][234.234.234.234 <-> 123.123.123.123] Received IKE Trigger message with local_gw_addr = 234.234.234.234 remote_gw_addr = 123.123.123.123

     

    Looks like I have this problem with one particular routed VPN tunnel with three network pairs, doesn't matter if the tunnel is configured with traffic-selectors or as three different tunnels. Other tunnels on the same device seem to work just fine, even newer ones than this problematic one.

     

    The devices are an SRX 1400 cluster, with some 50-100 active routed tunnels. The configuration maximums shouldn't be even close, as far as I know the limit should be like 5000 tunnels for SRX 1400?



  • 2.  RE: SRX 1400 "max initiated negotiations in progress"
    Best Answer

     
    Posted 10-07-2017 02:05

    It looks you are hitting know issue PR1085657. More details on below URL

     

    https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1085657&smlogin=true

     

    Fix available on versions above 12.1X46-D40 12.1X47-D25 12.3X48-D20 15.1X49-D20



  • 3.  RE: SRX 1400 "max initiated negotiations in progress"

    Posted 10-10-2017 04:25

    Looks correct. Great, thanks. 🙂