Security

Ask questions and share experiences with Juniper Connected Security. Discuss Advanced Threat Protection, SecIntel, Secure Analytics, Secure Connect, Security Director, and all things related to Juniper security technologies.
  • 1.  IPSec sa negotiation loop

    Posted 03-16-2022 05:33
    Hi,

    I am setting up multiple IPsec tunnels between an SRX300 and a customer's third-party device; the tunnels come up for a few seconds only before getting the following error:

    Mar 16 10:59:25 fw1 kmd[2029]: IPSec sa negotiation loop detected for peer_ip=5.6.7.8, local_ip=1.2.3.4 ; rejecting the negotiation
    Mar 16 10:59:25 fw1 kmd[2029]: IPSec negotiation failed with error: Internal Error: IPSec SA installation failed. IKE Version: 2, VPN: syd-vpn Gateway: syd-gateway, Local: 1.2.3.4/500, Remote: 5.6.7.8/500, Local IKE-ID: 1.2.3.4, Remote IKE-ID: 5.6.7.8, VR-ID: 0
    Mar 16 10:59:25 fw1 kmd[2029]: KMD_VPN_DOWN_ALARM_USER: VPN syd-vpn from 5.6.7.8 is down. Local-ip: 1.2.3.4, gateway name: syd-gateway, vpn name: syd-vpn, tunnel-id: 131080, local tunnel-if: st0.7, remote tunnel-ip: Not-Available, Local IKE-ID: 1.2.3.4, Remote IKE-ID: 5.6.7.8, AAA username: Not-Applicable, VR id: 0, Traffic-selector: , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), SA Type: Static, Reason: IPSec SAs cleared as corresponding IKE SA deleted

    I have not been able to find any mention of the "IPSec sa negotiation loop detected" error and am not sure where to look from here.
    Any help would be greatly appreciated.

    ------------------------------
    Michael M
    ------------------------------