How about get sa cmd All my other working tunnels are in A/U except this one in A/U and I/U as shown below. Why would be my outgoing SA be Inactive, due to this I cannot tunnel traffic to the specific host.
0000008d< 192.168.8.8 500 esp:a256/md5 35153af8 3533 unlim A/U 159 0 0000008d> 192.168.8.8 500 esp:a256/md5 ea070377 3533 unlim I/U 160 0 0000008f< 192.168.8.8 500 esp:a256/md5 35153af9 3543 unlim A/U 161 0 0000008f> 192.168.8.8 500 esp:a256/md5 3e0376fe 3543 unlim I/U 162 0 Regards George On Mon, 2010-02-15 at 17:20 +0000, Humair Ali wrote: > Proxy id is just a value created by the source/destination and service > > what do you see in the event logs, what does the other end see ? > > post the logs related to the vpn in here > > > On 15 February 2010 16:16, George <gmb...@cellulant.com> wrote: > > Hello Ali > > I got no output in get ike cookie cmd for the remote peer, > below is the output of get sa (with IP replace). > > 0000008c< 192.168.8.8 500 esp:a256/md5 00000000 expir unlim > I/I 163 0 > 0000008c> 192.168.8.8 500 esp:a256/md5 00000000 expir unlim > I/I 164 0 > > I was reading this > > http://forums.juniper.net/t5/Firewalls/Strange-behaviour-on-proxy-id-in-relation-to-policy-based-VPN-s/td-p/17227;jsessionid=D03859B6C630C41327CB0AE8063DC5E5 > > there is something about multiple IP's in the destination, > what is proxyID about specifically. > > Regards > George > > > > > > On Mon, 2010-02-15 at 14:03 +0000, Humair Ali wrote: > > > Hi George > > > > well First thing first, > > > > if it was working and all of sudden it became intermittent, > > then what has changed in your network ? > > > > Does the remote end changed anything in terms of set up ? > > > > when you try to re-establish , you say it is not passing > > through the VPN , what do you see in your events logs ? > > > > if you do get ike cookie and get SA , what do you see ? > > > > Only route based vpn is bind to a Tunnel IF, policy basaed > > vpn is bind, well, to a policy with action "tunnel" (in the > > policy) > > > > > > On 15 February 2010 12:52, George <gmb...@cellulant.com> > > wrote: > > > > Hello > > > > We had a Juniper policy based VPN which was > > initially working, all of a > > sudden it became intermittent and we decided to > > re-do it. Now after > > redoing it, it refused to come up even as of now. > > How do i sort it, and can a policy based VPN be > > binded to a tunnel. For > > the policy im using the Mapped IP to tunnel the > > traffic to the remote > > host bust incidentally it is not passing through the > > VPN when I do a > > trace. > > > > Regards > > - ---- > > George Mburu N. > > Networks and Infrastructure > > Cellulant Group > > > > Life, is mobile.... > > - ---- > > _______________________________________________ > > juniper-nsp mailing list juniper-nsp@puck.nether.net > > https://puck.nether.net/mailman/listinfo/juniper-nsp > > > > > > > > > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
