SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Interpretation of Screen Shot

    Posted 10 days ago

    On the screenshot below, is the IF st0.0 the remote side tunnel interface?

    Session ID: 4294995713, Policy name: BRIC-Apps-Servers/6, HA State: Stand-alone, Timeout: 20, Valid
      In: 10.253.252.6/11720 --> 10.25.50.43/443;tcp, Conn Tag: 0x0, If: st0.0, Pkts: 2, Bytes: 104,
      Out: 10.25.50.43/443 --> 10.253.252.6/11720;tcp, Conn Tag: 0x0, If: ge-0/0/4.0, Pkts: 2, Bytes: 104,

    The reason I ask is because I have an SRX with multiple tunnel interfaces that are unnumbered, and for this client the local interface is st0.4.

    I migrated yesterday from an old SSG5 to an SRX300, and some traffic seems to be working and some is not working.

    In this case the customer indicates they are not getting the web page back. 



    ------------------------------
    Paul Andreozzi
    ------------------------------


  • 2.  RE: Interpretation of Screen Shot

    Posted 9 days ago

    It seems like the session establishes via st0.0 and ge-0/0/4 unit 0. I guess there are two options: either the tunnel is tied to st0.0 and not st0.4, or the customer on st0.0 (another IPsec) uses the same address space. You can set an IP address on your st0 units if you like in order to make it easier to troubleshoot. This command should tell you a lot about which interfaces are used for various tunnels:

    > show security ike security-associations detail




  • 3.  RE: Interpretation of Screen Shot

    Posted 8 days ago
    My issue is resolved. Because I am using unnumbered tunnel interfaces I needed to fix my routes towards the tunnels.

    I appreciate the feedback.


    Paul Andreozzi
    Principal Network Engineer
    Lan-Tel
    3 Edgewater Drive
    SUITE 202
    NORWOOD, MA 02062
    PHONE: 800-551-8599
    CELL: 508-714-8310
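
Added example, not part of the thread or any Juniper tooling: a small Python parser for the session output posted above that reports when a flow rides a different st0 unit than the one expected for a peer, which is the symptom the thread traced back to routes on unnumbered tunnel interfaces. The function names and the expected unit (st0.4, taken from the first post) are assumptions made for illustration.

```python
import re

# Session text exactly as posted in the thread.
SAMPLE = """\
Session ID: 4294995713, Policy name: BRIC-Apps-Servers/6, HA State: Stand-alone, Timeout: 20, Valid
  In: 10.253.252.6/11720 --> 10.25.50.43/443;tcp, Conn Tag: 0x0, If: st0.0, Pkts: 2, Bytes: 104,
  Out: 10.25.50.43/443 --> 10.253.252.6/11720;tcp, Conn Tag: 0x0, If: ge-0/0/4.0, Pkts: 2, Bytes: 104,
"""

HEAD = re.compile(r"Session ID: (\d+), Policy name: ([^,]+),")
WING = re.compile(
    r"^\s*(In|Out): (\S+)/(\d+) --> (\S+)/(\d+);(\w+),.*?If: ([\w./-]+),"
    r" Pkts: (\d+), Bytes: (\d+)")


def parse_sessions(text):
    """Return one dict per session, with an 'in' and an 'out' wing."""
    sessions = []
    for line in text.splitlines():
        head = HEAD.search(line)
        if head:
            sessions.append({"id": int(head.group(1)), "policy": head.group(2)})
            continue
        wing = WING.match(line)
        if wing and sessions:
            side, src, sport, dst, dport, proto, ifl, pkts, nbytes = wing.groups()
            # Both If: fields name logical interfaces on the local SRX:
            # where the wing's packets arrive (In) and where replies leave (Out).
            sessions[-1][side.lower()] = {
                "src": src, "sport": int(sport), "dst": dst, "dport": int(dport),
                "proto": proto, "if": ifl, "pkts": int(pkts), "bytes": int(nbytes)}
    return sessions


def check_tunnel(session, expected_ifl):
    """List st0 units this session uses that differ from the expected one."""
    findings = []
    for side in ("in", "out"):
        wing = session.get(side)
        if wing and wing["if"].startswith("st0.") and wing["if"] != expected_ifl:
            findings.append(
                f"session {session['id']} ({side}): uses {wing['if']}, "
                f"expected {expected_ifl}; check tunnel binding and routes")
    return findings


if __name__ == "__main__":
    for s in parse_sessions(SAMPLE):
        for finding in check_tunnel(s, "st0.4"):  # st0.4: unit named in post 1
            print(finding)
```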