Hi,

we have 2 NSMXpress devices running in HA mode. The NSM version is 2009.1r1.
We are trying to add a cluster of two isg2000 in VSD-less mode.

Using the NSM GUI we add the cluster and then the 1st member. The connection from NSM to the member isg2000 device works fine, and the NSM-related config is sent to the firewall. But when the firewall tries to connect to the NSM device server we see the following entries in /var/netscreen/DevSvr/errorLog/deviceDaemon.0:

[03/14/2010 12:22:55.970] [Error] [3086997184-nsRSA.c:189] RSA invalid header
[03/14/2010 12:22:55.970] [Error] [3086997184-nsCryptoMTMPlug.c:1403] Could not verify connect message!
[03/14/2010 12:22:55.970] [Error] [3086997184-nsCryptoMTMPlug.c:2203] nsCryptoMTMPlugServerRecv_S1() failed
[03/14/2010 12:22:55.970] [Warning] [3086997184-nthConnPlug.c:374] NTHCONN: SSP device 10.247.1.52 (domainId 1, deviceId 30): denied connection due to key exchange failure
[03/14/2010 12:22:55.971] [Notice] [3086997184-sessionPlug.c:3581] session returns NETPLUG_SEND_DISCONNECTED

We searched the net for a solution and found the following solution, the devices are still able to establish the SSP connection to NSM. The /var/netscreen/DevSvr/errorLog/deviceDaemon.0 file has the following entries:

[03/14/2010 12:23:48.015] [Warning] [3086997184-nsCryptoMTMPlug.c:2184] Device is attempting a first connection but DB thinks reconnect, repairing
[03/14/2010 12:23:48.015] [Error] [3086997184-nsCryptoMTMPlug.c:897] Validation of key exchange request failed!
[03/14/2010 12:23:48.015] [Warning] [3086997184-nthConnPlug.c:374] NTHCONN: SSP device 10.247.1.52 (domainId 1, deviceId 30): denied connection due to OTP mismatch
[03/14/2010 12:23:48.015] [Notice] [3086997184-sessionPlug.c:3581] session returns NETPLUG_SEND_DISCONNECTED

We also tried to import the device as not reachable, but the result was the same.

Could you please advise us how to proceed?

Thanks
Alex
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
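
An added triage example, not part of the original post and not Juniper code: it splits deviceDaemon.0 entries in the format quoted above, even when they are run together on one line, and pairs each denied SSP connection with the Error entries logged just before it. The regexes are inferred from the quoted lines only, and the sample is a subset of them.

```python
import re

# Constructed sample: a subset of the entries quoted in the post, run together.
SAMPLE = (
    "[03/14/2010 12:22:55.970] [Error] [3086997184-nsRSA.c:189] RSA invalid header "
    "[03/14/2010 12:22:55.970] [Error] [3086997184-nsCryptoMTMPlug.c:1403] "
    "Could not verify connect message! "
    "[03/14/2010 12:22:55.970] [Warning] [3086997184-nthConnPlug.c:374] NTHCONN: "
    "SSP device 10.247.1.52 (domainId 1, deviceId 30): denied connection due to "
    "key exchange failure "
    "[03/14/2010 12:23:48.015] [Warning] [3086997184-nsCryptoMTMPlug.c: 2184] "
    "Device is attempting a first connection but DB thinks reconnect, repairing "
    "[03/14/2010 12:23:48.015] [Error] [3086997184-nsCryptoMTMPlug.c:897] "
    "Validation of key exchange request failed! "
    "[03/14/2010 12:23:48.015] [Warning] [3086997184-nthConnPlug.c:374] NTHCONN: "
    "SSP device 10.247.1.52 (domainId 1, deviceId 30): denied connection due to "
    "OTP mismatch\n"
)

# One entry: [timestamp] [level] [id-source.c:line] message, up to the next timestamp.
ENTRY = re.compile(
    r"\[(?P<ts>\d{2}/\d{2}/\d{4} [\d:.]+)\] \[(?P<level>\w+)\] "
    r"\[(?P<id>\d+)-(?P<src>[\w.]+):\s*(?P<line>\d+)\] "
    r"(?P<msg>.*?)(?=\s*(?:\[\d{2}/\d{2}/\d{4} |\Z))",
    re.S,
)
DENIED = re.compile(
    r"SSP device (?P<ip>\S+) \(domainId (?P<domain>\d+), deviceId (?P<dev>\d+)\): "
    r"denied connection due to (?P<reason>.+)"
)

def diagnose(text):
    """Return one record per denied SSP connection with the preceding Error entries."""
    results, pending = [], []
    for m in ENTRY.finditer(text):
        e = m.groupdict()
        d = DENIED.search(e["msg"])
        if d:
            results.append({"ts": e["ts"], "ip": d["ip"], "device_id": int(d["dev"]),
                            "reason": d["reason"].strip(), "errors": pending})
            pending = []  # errors after this point belong to the next denial
        elif e["level"] == "Error":
            pending.append(f'{e["src"]}:{e["line"]} {e["msg"]}')
    return results

if __name__ == "__main__":
    for r in diagnose(SAMPLE):
        print(r["ts"], r["ip"], f'deviceId={r["device_id"]}', r["reason"], r["errors"])
```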
