SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series.
  • 1.  IPSEC Site-to-Site between SRX and Alibaba Cloud

    Posted 11 days ago
    Hi all,

    Anyone here has experience bring up IPSEC site-to-site between SRX to ALibaba Cloud. I'm already follow the url on ALibaba cloud on SRX portion but tunnel phase 1 still not establish (using IKEv1).  Actually the Alibaba Cloud is behind of NAT or not?


    Thanks and appreciate any feedback


  • 2.  RE: IPSEC Site-to-Site between SRX and Alibaba Cloud

    Posted 10 days ago
    For phase 1 not coming up try enabling logging and review the detail logs per this documentation.

    https://supportportal.juniper.net/s/article/SRX-How-to-troubleshoot-IKE-Phase-1-VPN-connection-issues

    The overall list of all IPSEC troubleshooting are documented here to find the right detail article for the situation.
    https://www.juniper.net/documentation/us/en/software/junos/vpn-ipsec/topics/task/srx-troubleshooting-vpn-tunnel-that-is-down.html

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: IPSEC Site-to-Site between SRX and Alibaba Cloud

    Posted 10 days ago
    Hi Spuluka,

    We already enable all point need to troubleshoot. The issue is now the peer claim they already do correct config. So that's the reason i ask whether anyone here has ecprience do IPSEC between SRX to Alibaba Cloud.


    Thanks


  • 4.  RE: IPSEC Site-to-Site between SRX and Alibaba Cloud

     
    Posted 10 days ago
    Hello 

    I donot have experiance specific with Alibaba Cloud, however can try to help on what the issue could be. 
    Can you share the below details:

    Is both phase1 and Phase2 down ?
    Is it IkeV1 or V2 
    output of >show security ipsec inactive-tunnels 


    Regards,



    ------------------------------
    Brijil R
    ------------------------------



  • 5.  RE: IPSEC Site-to-Site between SRX and Alibaba Cloud

    Posted 10 days ago
    HI brijil,


    The phase 1 still not establish (we using ike v1). We can see the log from juniper was "no proposal chosen" when we do traceoption n datapath-debug.


    Thanks