Dear Alexandre, Please guide how can I fix this issue? It raise suddenly before this on same configuration ipsec tunnel was working fine for more than 5 to 6 months.
On Mon, Jun 25, 2018, 8:22 PM Alexandre Guimaraes < alexandre.guimar...@ascenty.com> wrote: > Sameer > > > Reason: IPSec SA delete payload received from peer, corresponding IPSec > SAs cleared > > > This is a phase 2 problem, maybe deadpeerdetection failure, VPN > monitoring failure, a failure during rekey when old SA is deleted > notification sent to delete old SA. Most of the cases. > > > > att > Alexandre > > Em 25 de jun de 2018, à(s) 03:42, sameer mughal <pcs.same...@gmail.com> > escreveu: > > both sites on srx. > following are the logs. > > show log junilog|match st0.15 > Jun 25 01:47:51 rpd[1867]: EVENT <UpDown> st0.15 index 86 <Broadcast > PointToPoint Multicast> > Jun 25 01:47:51 rpd[1867]: EVENT UpDown st0.15 index 86 <Broadcast > PointToPoint Multicast Localup> > Jun 25 01:47:51 rpd[1867]: EVENT UpDown st0.15 index 86 10.115.10.2 -> > 10.115.10.2 <Broadcast PointToPoint Multicast Localup> > Jun 25 01:47:51 kmd[1902]: KMD_VPN_DOWN_ALARM_USER: VPN IPSEC-15-VPN > from 103.229.87.66 is down. Local-ip: 124.29.233.138, gateway name: > IKE-U15-GW, vpn name: IPSEC-15-VPN, tunnel-id: 131075, local tunnel-if: > st0.15, remote tunnel-ip: 10.115.10.1, Local IKE-ID: 124.29.233.138, Remote > IKE-ID: 103.229.87.66, XAUTH username: Not-Applicable, VR id: 0, > Traffic-selector: , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]= > 0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), > SA Type: Static, Reason: IPSec SA delete payload received from peer, > corresponding IPSec SAs cleared > Jun 25 01:47:51 mib2d[1865]: SNMP_TRAP_LINK_DOWN: ifIndex 588, > ifAdminStatus up(1), ifOperStatus down(2), ifName st0.15 > Jun 25 01:48:06 kmd[1902]: KMD_VPN_UP_ALARM_USER: VPN IPSEC-15-VPN from > 103.229.87.66 is up. Local-ip: 124.29.233.138, gateway name: IKE-U15-GW, > vpn name: IPSEC-15-VPN, tunnel-id: 131075, local tunnel-if: st0.15, remote > tunnel-ip: 10.115.10.1, Local IKE-ID: 124.29.233.138, Remote IKE-ID: > 103.229.87.66, XAUTH username: Not-Applicable, VR id: 0, Traffic-selector: > , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), > Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), SA Type: > Static > Jun 25 01:48:06 rpd[1867]: EVENT <UpDown> st0.15 index 86 <Up Broadcast > PointToPoint Multicast> > Jun 25 01:48:06 rpd[1867]: EVENT UpDown st0.15 index 86 <Up Broadcast > PointToPoint Multicast> > Jun 25 01:48:06 rpd[1867]: EVENT UpDown st0.15 index 86 10.115.10.2 -> > 10.115.10.2 <Up Broadcast PointToPoint Multicast> > Jun 25 01:48:06 mib2d[1865]: SNMP_TRAP_LINK_UP: ifIndex 588, > ifAdminStatus up(1), ifOperStatus up(1), ifName st0.15 > Jun 25 01:51:52 kmd[1902]: KMD_VPN_DOWN_ALARM_USER: VPN IPSEC-15-VPN > from 103.229.87.66 is down. Local-ip: 124.29.233.138, gateway name: > IKE-U15-GW, vpn name: IPSEC-15-VPN, tunnel-id: 131075, local tunnel-if: > st0.15, remote tunnel-ip: 10.115.10.1, Local IKE-ID: 124.29.233.138, Remote > IKE-ID: 103.229.87.66, XAUTH username: Not-Applicable, VR id: 0, > Traffic-selector: , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]= > 0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), > SA Type: Static, Reason: IPSec SA delete payload received from peer, > corresponding IPSec SAs cleared > Jun 25 01:51:52 rpd[1867]: EVENT <UpDown> st0.15 index 86 <Broadcast > PointToPoint Multicast> > Jun 25 01:51:52 rpd[1867]: EVENT UpDown st0.15 index 86 <Broadcast > PointToPoint Multicast Localup> > Jun 25 01:51:52 rpd[1867]: EVENT UpDown st0.15 index 86 10.115.10.2 -> > 10.115.10.2 <Broadcast PointToPoint Multicast Localup> > Jun 25 01:51:52 mib2d[1865]: SNMP_TRAP_LINK_DOWN: ifIndex 588, > ifAdminStatus up(1), ifOperStatus down(2), ifName st0.15 > Jun 25 01:52:07 rpd[1867]: EVENT <UpDown> st0.15 index 86 <Up Broadcast > PointToPoint Multicast> > Jun 25 01:52:07 rpd[1867]: EVENT UpDown st0.15 index 86 <Up Broadcast > PointToPoint Multicast> > Jun 25 01:52:07 kmd[1902]: KMD_VPN_UP_ALARM_USER: VPN IPSEC-15-VPN from > 103.229.87.66 is up. Local-ip: 124.29.233.138, gateway name: IKE-U15-GW, > vpn name: IPSEC-15-VPN, tunnel-id: 131075, local tunnel-if: st0.15, remote > tunnel-ip: 10.115.10.1, Local IKE-ID: 124.29.233.138, Remote IKE-ID: > 103.229.87.66, XAUTH username: Not-Applicable, VR id: 0, Traffic-selector: > , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), > Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), SA Type: > Static > Jun 25 01:52:07 rpd[1867]: EVENT UpDown st0.15 index 86 10.115.10.2 -> > 10.115.10.2 <Up Broadcast PointToPoint Multicast> > Jun 25 01:52:07 mib2d[1865]: SNMP_TRAP_LINK_UP: ifIndex 588, > ifAdminStatus up(1), ifOperStatus up(1), ifName st0.15 > > {primary:node0} > > On Mon, Jun 25, 2018 at 3:03 AM, Alexandre Guimaraes < > alexandre.guimar...@ascenty.com> wrote: > >> Have you checked the errors? Do a deep Inspection and check the packets >> to see what’s the behavior that’s trigger the down state. Tcpdump Will give >> you hints. >> >> Both sides uses SRX? >> >> att >> Alexandre >> >> Em 24 de jun de 2018, à(s) 07:59, sameer mughal <pcs.same...@gmail.com> >> escreveu: >> >> > Hi All, >> > I am facing ipsec tunnel flapping issue on srx550. Both sides isp links >> are >> > up and stable but still tunnel is flapping. >> > Can anyone facing similar problem or any solution to fix this issue? >> > _______________________________________________ >> > juniper-nsp mailing list juniper-nsp@puck.nether.net >> > https://puck.nether.net/mailman/listinfo/juniper-nsp >> > > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp