SRX




  • 1.  VPN tunnel needs regular manual restart - how to automate it?

    Posted 12 days ago
    Hi all, 

    We are running an IPsec tunnel between an SRX340 cluster (19.4R3.11) and a Checkpoint cluster.

    The thing is that the tunnel stops sending traffic almost every day, even though the SA and the tunnel itself seem to be up, so we have to manually go to the CLI and run "clear security ike security-associations"; then the traffic comes back immediately.

    How could we either reinforce a regular automatic rekey or auto-clear the IKE SAs? Any idea?

    Thanks


  • 2.  RE: VPN tunnel needs regular manual restart - how to automate it?

     
    Posted 12 days ago
    This type of problem can occur when the timing parameters for both phase 1 and phase 2 don't exactly match between the two firewalls. So verify those and make sure only one side has any auto-initiate configuration.

    For your workaround you would create an event policy at whatever interval you want to run the operational command.

    https://www.juniper.net/documentation/en_US/junos/topics/example/junos-script-automation-event-policy-generating-internal-event.html

    Then use that event to trigger running the command at that time as a script.
    https://www.juniper.net/documentation/us/en/software/junos/automation-scripting/topics/concept/automation-configuring-an-event-policy-to-execute-operational-mode-commands.html

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------
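
The two steps from the reply above (a generated internal event, then an event policy that runs the operational command), written out as an added example in Junos set format; it is not part of the original posts. The names IKE-SA-CLEAR-TIMER and CLEAR-IKE-SA and the 24-hour interval are assumptions chosen for illustration.

```junos
# Hypothetical event name; generates an internal event every 86400 seconds (24 hours)
set event-options generate-event IKE-SA-CLEAR-TIMER time-interval 86400

# Hypothetical policy name; triggers on the internal event generated above
set event-options policy CLEAR-IKE-SA events IKE-SA-CLEAR-TIMER

# Runs the same operational command the original poster was typing by hand
set event-options policy CLEAR-IKE-SA then execute-commands commands "clear security ike security-associations"
```

Without a peer address this command clears every IKE SA on the device, so other tunnels terminating on the same cluster renegotiate as well.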