Check the MTU of the physical interface, some GigE interface modules on the J-Series routers only support 9014 bytes, Junos allows you to set to 9192, try to drop the MTU value to 9000 bytes.
On Wednesday, March 20, 2013, Bill Sandiford wrote: > Here is some outputŠIP addresses sanitized with x.x.x.x of course > > > show security ipsec security-associations > Total active tunnels: 1 > ID Gateway Port Algorithm SPI Life:sec/kb Mon > vsys > <131073 x.x.x.x 500 ESP:3des/md5 28c1a297 2675/ 838856 - > root > >131073 x.x.x.x 500 ESP:3des/md5 7765d008 2675/ 838856 - > root > > > > show interfaces st0 > Physical interface: st0, Enabled, Physical link is Up > Interface index: 129, SNMP ifIndex: 152 > Type: Secure-Tunnel, Link-level type: Secure-Tunnel, MTU: 9192 > Device flags : Present Running > Interface flags: Point-To-Point > Input rate : 0 bps (0 pps) > Output rate : 0 bps (0 pps) > > Logical interface st0.0 (Index 69) (SNMP ifIndex 597) > Flags: Point-To-Point SNMP-Traps Encapsulation: Secure-Tunnel > Input packets : 0 > Output packets: 0 > Security: Zone: trust > Allowed host-inbound traffic : any-service bfd bgp dvmrp igmp ldp msdp > nhrp ospf > pgm pim rip router-discovery rsvp sap vrrp > Protocol inet, MTU: 9192 > Flags: Sendbcast-pkt-to-re > > > > > > > > > > > On 2013-03-20 11:28 AM, "Bjørn Tore" <b...@paulen.net <javascript:;>> wrote: > > >Are the st-interfaces UP? What does show security ipsec > >security-associations say? (Am offline; spellcheck needed...) > > > >Bjørn Tore @ mobil > > > >Den 20. mars 2013 kl. 15:46 skrev Bill Sandiford > ><b...@telnetcommunications.com <javascript:;>>: > > > >> Hi All, > >> > >> I need some help with an IPSEC tunnel that I just can't seem to get > >>working on a J-6350. I have been able to get the tunnels to come up, > >>but can't seem to pass traffic over the tunnels > >> > >> I've done the usual things. I've created an st0.0 interface and bound > >>it to the tunnel using the bind-interface command. I've created a > >>static route and pointed it at the st0.0 interface. I just can't seem > >>to get traffic to pass over the tunnel. > >> > >> Any help or suggestions would be appreciated. I'm also willing to put > >>a $$$ bounty on this for anyone that is willing to help me get it > >>working via teamviewer. > >> > >> Regards, > >> Bill > >> > >> > >> _______________________________________________ > >> juniper-nsp mailing list juniper-nsp@puck.nether.net <javascript:;> > >> https://puck.nether.net/mailman/listinfo/juniper-nsp > > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net <javascript:;> > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp