SRX

 View Only
last person joined: 17 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  IPSEC Site-to-Site between SRX and Alibaba Cloud

    Posted 11-22-2022 10:43
    Hi all,

    Anyone here has experience bring up IPSEC site-to-site between SRX to ALibaba Cloud. I'm already follow the url on ALibaba cloud on SRX portion but tunnel phase 1 still not establish (using IKEv1).  Actually the Alibaba Cloud is behind of NAT or not?


    Thanks and appreciate any feedback


  • 2.  RE: IPSEC Site-to-Site between SRX and Alibaba Cloud

    Posted 11-22-2022 19:07
    For phase 1 not coming up try enabling logging and review the detail logs per this documentation.

    https://supportportal.juniper.net/s/article/SRX-How-to-troubleshoot-IKE-Phase-1-VPN-connection-issues

    The overall list of all IPSEC troubleshooting are documented here to find the right detail article for the situation.
    https://www.juniper.net/documentation/us/en/software/junos/vpn-ipsec/topics/task/srx-troubleshooting-vpn-tunnel-that-is-down.html

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: IPSEC Site-to-Site between SRX and Alibaba Cloud

    Posted 11-22-2022 21:48
    Hi Spuluka,

    We already enable all point need to troubleshoot. The issue is now the peer claim they already do correct config. So that's the reason i ask whether anyone here has ecprience do IPSEC between SRX to Alibaba Cloud.


    Thanks


  • 4.  RE: IPSEC Site-to-Site between SRX and Alibaba Cloud

     
    Posted 11-22-2022 22:20
    Hello 

    I donot have experiance specific with Alibaba Cloud, however can try to help on what the issue could be. 
    Can you share the below details:

    Is both phase1 and Phase2 down ?
    Is it IkeV1 or V2 
    output of >show security ipsec inactive-tunnels 


    Regards,



    ------------------------------
    Brijil R
    ------------------------------



  • 5.  RE: IPSEC Site-to-Site between SRX and Alibaba Cloud

    Posted 11-23-2022 07:51
    HI brijil,


    The phase 1 still not establish (we using ike v1). We can see the log from juniper was "no proposal chosen" when we do traceoption n datapath-debug.


    Thanks