SRX

 View Only
last person joined: 16 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  IPsec tunnel appears up but not passing traffic

    Posted 03-15-2011 02:44

    Hiu guys,

    experiencing an issue on an srx240 cluster whereby the IPsec tunnel appears up but is not passing any traffic through it.

    sh log kmd:

     

    Mar 15 21:15:05 f1-evn1 clear-log[3383]: logfile cleared
    Mar 15 21:17:00 Group/Shared IKE ID VPN configured: 0
    Mar 15 21:17:00 Obsolete parameter length_of_local_secret is not set to zero in ssh_ike_init
    Mar 15 21:17:00 Obsolete parameter token_hash_type is not set to zero in ssh_ike_init
    Mar 15 21:17:00 KMD_INTERNAL_ERROR: Error:File exists in adding SA config for tunnel id 131073 spi 0
    Mar 15 21:17:00 jnp_ike_tunnel_table_entry_add: tunnel_id: 1 remote ip: 85.91.140.113 already exists in ike_tunnel_table
    Mar 15 21:17:00 KMD_INTERNAL_ERROR: iked_ifstate_eoc_handler: EOC msg received
    Mar 15 21:19:00 KMD_INTERNAL_ERROR: iked_ha_clear_ike_sa: Failed to get IKE sa stats, error 3
    Mar 15 21:19:00 KMD_INTERNAL_ERROR: iked_ha_clear_ike_sa: Failed to get IKE sa stats, error 3

     

     

    Any ideas or advise?

     

    Thanks,

     

    Paul


    #vpn


  • 2.  RE: IPsec tunnel appears up but not passing traffic
    Best Answer

    Posted 03-18-2011 07:27

    Apparently there was a CPU spike and that prevented cpu resources being allocated to the IPsec daemon. A restart got it going again.



  • 3.  RE: IPsec tunnel appears up but not passing traffic

    Posted 09-04-2011 18:07

    A resart of what?  The daemon or the node?