SRX

Expand all | Collapse all

Firefly IPSec

Jump to Best Answer
  • 1.  Firefly IPSec

     
    Posted 03-17-2015 07:00

    I've setup firefly on ESXi 5.5, and IPSec doesn't seem to be working.  It's all configured correctly but there is no ike association.  I ran a trce and there is some outout but no indication of establishing an SA. 

     

    [Mar 17 13:50:52]Error:No such file or directory in deleting ike debug blob
    [Mar 17 13:50:52]kmd_iked_cfgbuf_addrec: 535: ** Allocated recptr is c58, reclen = 0 **
    [Mar 17 13:50:52]kmd_iked_cfgbuf_addrec: 535: ** Allocated recptr is 44, reclen = 0 **
    [Mar 17 13:50:52]Error: Unknown record, type = 25

    [Mar 17 13:50:52]kmd_iked_cfgbuf_addrec: 535: ** Allocated recptr is 40, reclen = 141101518 **
    [Mar 17 13:50:52]kmd_iked_cfgbuf_addrec: 535: ** Allocated recptr is 4, reclen = 0 **
    [Mar 17 13:50:52]kmd_iked_cfgbuf_addrec: 535: ** Allocated recptr is 0, reclen = -1078471800 **
    [Mar 17 13:50:52]No SPUs are operational, returning.
    [Mar 17 13:50:52]Config download: Processed 3 - 4 messages
    [Mar 17 13:50:52]Config download time: 0 secs
    [Mar 17 13:50:52]iked_config_process_config_list, configuration diff complete

     

    Has anyone else come across this?

     

    Thanks.

    Mas



  • 2.  RE: Firefly IPSec
    Best Answer

    Posted 03-17-2015 08:05

     

    > [Mar 17 13:50:52]No SPUs are operational, returning.

     

    It looks like the dataplane in your vSRX device is not up.

     

    Are you able to ping the remote peer (or anything at all)? Do you have any interfaces?

     

    Please make sure that you use the default (and supported) VM settings, meaning 2GB RAM, 2GB disk etc. The only change allowed in the VM settings would be to add more NICs.

     

    Also, since your are using ESXi 5.5, make sure you use Junos 12.1X47. X46 did not support ESX5.5, but only 5.0 and 5.1.

     

    Hope it helps.

     

    Casper



  • 3.  RE: Firefly IPSec

     
    Posted 03-17-2015 08:08

    Hi Casper,

     

    Thanks for the reply, I deployed the latest version and it's all working ok now!

     

    Cheers.

    Mas