Security

Ask questions and share experiences with Juniper Connected Security. Discuss Advance Threat Protection, Policy Enforcer, SecIntel, Secure Analytics, Secure Connect, Secure Director and all things related to Juniper security technologies.
  • 1.  IPSec sa negotiation loop

    Posted 03-16-2022 05:33
    Hi,

    I am setting up multiple IPsec tunnels between an SRX300 and a customer's third-party device. The tunnels come up for only a few seconds before getting the following error:

    Mar 16 10:59:25 fw1 kmd[2029]: IPSec sa negotiation loop detected for peer_ip=5.6.7.8, local_ip=1.2.3.4 ; rejecting the negotiation
    Mar 16 10:59:25 fw1 kmd[2029]: IPSec negotiation failed with error: Internal Error: IPSec SA installation failed. IKE Version: 2, VPN: syd-vpn Gateway: syd-gateway, Local: 1.2.3.4/500, Remote: 5.6.7.8/500, Local IKE-ID: 1.2.3.4, Remote IKE-ID: 5.6.7.8, VR-ID: 0
    Mar 16 10:59:25 fw1 kmd[2029]: KMD_VPN_DOWN_ALARM_USER: VPN syd-vpn from 5.6.7.8 is down. Local-ip: 1.2.3.4, gateway name: syd-gateway, vpn name: syd-vpn, tunnel-id: 131080, local tunnel-if: st0.7, remote tunnel-ip: Not-Available, Local IKE-ID: 1.2.3.4, Remote IKE-ID: 5.6.7.8, AAA username: Not-Applicable, VR id: 0, Traffic-selector: , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), SA Type: Static, Reason: IPSec SAs cleared as corresponding IKE SA deleted

    I have not been able to find any mention of the "IPSec sa negotiation loop detected" error and am not sure where to look from here.
    Any help would be greatly appreciated.

    ------------------------------
    Michael M
    ------------------------------