SRX

 View Only
last person joined: 20 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  IPSEC-VPN, Logs from remote tunnel-IP

    Posted 04-16-2024 19:55

    I configured an SRX1500 with multiple IPSEC-VPNs and saw in the logs that the remote tunnel-IP is shown with the wrong IP address. It was observed in the log that the IP is displayed reversed: 

    For example, the correct IP of the tunnel is 172.24.21.20 but the log shows 20.21.24.172, anyone know why this happened?

    This confusion is critical because collecting the logs on the syslog server generates alarms or events that are not real.

    Thanks in advanced



    ------------------------------
    Alfonso Delgado
    ------------------------------



  • 2.  RE: IPSEC-VPN, Logs from remote tunnel-IP

    Posted 04-16-2024 20:04

    I don't follow the issue.  The two addresses seem unrelated as 172.24.21.20 is a private RFC1918 ip address typically used for the internal traffic or st0 interfaces and  20.21.24.172 is a standard public ip which would be external gateway addresses.

    Maybe share the log message that is not as expected and what you are looking for in the logs?



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: IPSEC-VPN, Logs from remote tunnel-IP

    Posted 04-17-2024 18:36

    Hi,

    I shared the message: We know the remote tunnel-ip that is 172.28.24.14. It´s a internal IP. We don't have external connections.

    "gateway name: IKE-GW-103, vpn name: IPSEC-VPN-103, tunnel-id: 131076, local tunnel-if: st0.103, remote tunnel-ip: 14.20.28.172"

    I think that's the reason, but I wanted to confirm that it is a bug.

    In my case we analyze the log with the customer and we have to give explanations for that result or that possible public IP, which is not correct because it is the internal network.

    Is there any channel to report these cases?  We can obtain any official information from the vendor?  May is something related to the firmware? 



    ------------------------------
    Alfonso Delgado
    ------------------------------



  • 4.  RE: IPSEC-VPN, Logs from remote tunnel-IP
    Best Answer

    Posted 04-17-2024 10:52

    Alfonso, I can confirm, I have seen the exact same behavior. It seemed to me at the time to be just a cosmetic bug, so haven't opened a support case for it yet. But you bring a good point about it throwing off logging systems.

    Steve, in some log messages, when an IP address is converted into a string, it's read in reverse byte order. So an actual endpoint IP of 192.168.0.1, for example, appears as 1.0.168.192 in the logs. It's not every in every log message, but some IPs in some log messages are reversed like that.



    ------------------------------
    Nikolay Semov
    ------------------------------



  • 5.  RE: IPSEC-VPN, Logs from remote tunnel-IP

    Posted 04-17-2024 18:36

    Thanks Nikolay,

    I think that's the reason, but I wanted to confirm that it is a bug.

    In my case we analyze the log with the customer and we have to give explanations for that result or that possible public IP, which is not correct because it is the internal network.

    Is there any channel to report these cases?.  May is regarding to the firmware version?

    Thanks.



    ------------------------------
    Alfonso Delgado
    ------------------------------



  • 6.  RE: IPSEC-VPN, Logs from remote tunnel-IP

    Posted 04-17-2024 18:44

    You should open a case with Juniper TAC if you have an active support contract.



    ------------------------------
    Nikolay Semov
    ------------------------------