You should open a case with Juniper TAC if you have an active support contract.
Original Message:
Sent: 04-17-2024 16:09
From: Alfonso Delgado
Subject: IPSEC-VPN, Logs from remote tunnel-IP
Thanks Nikolay,
I think that's the reason, but I wanted to confirm that it is a bug.
In my case we analyze the log with the customer and we have to give explanations for that result or that possible public IP, which is not correct because it is the internal network.
Is there any channel to report these cases?. May is regarding to the firmware version?
Thanks.
------------------------------
Alfonso Delgado
Original Message:
Sent: 04-17-2024 09:27
From: Nikolay Semov
Subject: IPSEC-VPN, Logs from remote tunnel-IP
Alfonso, I can confirm, I have seen the exact same behavior. It seemed to me at the time to be just a cosmetic bug, so haven't opened a support case for it yet. But you bring a good point about it throwing off logging systems.
Steve, in some log messages, when an IP address is converted into a string, it's read in reverse byte order. So an actual endpoint IP of 192.168.0.1, for example, appears as 1.0.168.192 in the logs. It's not every in every log message, but some IPs in some log messages are reversed like that.
------------------------------
Nikolay Semov
Original Message:
Sent: 04-16-2024 18:02
From: Alfonso Delgado
Subject: IPSEC-VPN, Logs from remote tunnel-IP
I configured an SRX1500 with multiple IPSEC-VPNs and saw in the logs that the remote tunnel-IP is shown with the wrong IP address. It was observed in the log that the IP is displayed reversed:
For example, the correct IP of the tunnel is 172.24.21.20 but the log shows 20.21.24.172, anyone know why this happened?
This confusion is critical because collecting the logs on the syslog server generates alarms or events that are not real.
Thanks in advanced
------------------------------
Alfonso Delgado
------------------------------