NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

marcobravissimo's avatar
marcobravissimo
Aspirant
Oct 09, 2017

VPN gateway to gateway SRX5308 IPsec SA Established but no traffic

 

I have 2 srx5308 last firmware upgrated. i

I have two SRX5308 connected gateway to gateway, connect IPsec SA Established but do no traffic. One of them runs the trafficbut the arrive to lan destiantion, if i can tray to monitoring--> ping the result is filed and i can tray Tracerute--> filed I attacced the log:

ONE the make traffic:

Mon Oct 09 18:29:25 2017 (GMT +0200): [SRX5308] [IKE] INFO:  [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.88.99.194 ->195.100.200.194 with spi=235890753(0xe0f6841)

Mon Oct 09 18:29:25 2017 (GMT +0200): [SRX5308] [IKE] INFO:  [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.223.231.194->195.88.99.194  with spi=45451481(0x2b588d9)

Mon Oct 09 18:29:25 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Initiating new phase 2 negotiation: 195.88.99.194 [0]<=>195.223.231.194[0]

Mon Oct 09 18:29:25 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Configuration found for 195.223.231.194.

Mon Oct 09 18:29:25 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Configuration found for 195.223.231.194.

Mon Oct 09 18:29:25 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Using IPsec SA configuration: 10.1.10.0/24<->10.2.10.0/24

Mon Oct 09 18:29:08 2017 (GMT +0200): [SRX5308] [IKE] INFO:  [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=198068733(0xbce49fd).

Mon Oct 09 18:29:08 2017 (GMT +0200): [SRX5308] [IKE] INFO:  [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=162319720(0x9accd68).

Mon Oct 09 18:29:08 2017 (GMT +0200): [SRX5308] [IKE] INFO:  an undead schedule has been deleted: 'pk_recvupdate'.

Mon Oct 09 18:29:03 2017 (GMT +0200): [SRX5308] [IKE] INFO:  [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.88.99.194 ->195.100.200.194 with spi=162319720(0x9accd68)

Mon Oct 09 18:29:03 2017 (GMT +0200): [SRX5308] [IKE] INFO:  [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.223.231.194->195.88.99.194  with spi=198068733(0xbce49fd)

Mon Oct 09 18:29:03 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Initiating new phase 2 negotiation: 195.88.99.194 [0]<=>195.223.231.194[0]

Mon Oct 09 18:29:03 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Configuration found for 195.223.231.194.

Mon Oct 09 18:29:03 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Configuration found for 195.223.231.194.

Mon Oct 09 18:29:03 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Using IPsec SA configuration: 10.1.10.0/24<->10.2.10.0/24

Mon Oct 09 18:29:02 2017 (GMT +0200): [SRX5308] [IKE] INFO:  [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=31270826(0x1dd27aa).

Mon Oct 09 18:29:02 2017 (GMT +0200): [SRX5308] [IKE] INFO:  [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=128931250(0x7af55b2).

Mon Oct 09 18:29:02 2017 (GMT +0200): [SRX5308] [IKE] INFO:  an undead schedule has been deleted: 'pk_recvupdate'.

 SECOND firewall no-traffic:

 

Mon Oct 09 18:30:51 2017 (GMT +0200): [SRX5308] [IKE] INFO:  [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.88.99.194->195.88.99.194- with spi=45451481(0x2b588d9)

Mon Oct 09 18:30:51 2017 (GMT +0200): [SRX5308] [IKE] INFO:  [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.88.99.194-->195.88.99.194 with spi=235890753(0xe0f6841)

Mon Oct 09 18:30:51 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Using IPsec SA configuration: 10.2.10.0/24<->10.1.10.0/24

Mon Oct 09 18:30:51 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Responding to new phase 2 negotiation: 195.88.99.194[0]<=>195.88.99.194-[0]

Mon Oct 09 18:30:33 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Phase 2 sa deleted 195.88.99.194-195.88.99.194-

Mon Oct 09 18:30:33 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Sending Informational Exchange: delete payload[]

Mon Oct 09 18:30:33 2017 (GMT +0200): [SRX5308] [IKE] INFO:  [IPSEC_VPN] Flushing SAs for peer "195.88.99.194-" with spi 198068733

Mon Oct 09 18:30:29 2017 (GMT +0200): [SRX5308] [IKE] INFO:  [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.88.99.194->195.88.99.194- with spi=198068733(0xbce49fd)

Mon Oct 09 18:30:29 2017 (GMT +0200): [SRX5308] [IKE] INFO:  [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.88.99.194-->195.88.99.194 with spi=162319720(0x9accd68)

Mon Oct 09 18:30:29 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Using IPsec SA configuration: 10.2.10.0/24<->10.1.10.0/24

Mon Oct 09 18:30:29 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Responding to new phase 2 negotiation: 195.88.99.194[0]<=>195.88.99.194-[0]

Mon Oct 09 18:30:28 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Phase 2 sa deleted 195.88.99.194-195.88.99.194-

Mon Oct 09 18:30:28 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Sending Informational Exchange: delete payload[

Mon Oct 09 16:30:28 2017 (GMT +0000): [SRX5308] [IKE] INFO:  [IPSEC_VPN] Flushing SAs for peer "195.88.99.194-" with spi 31270826

grazie mille

 

Before You Buy
Installation
Solutions
VPN

3 Replies

  • JohnC_V's avatar
    JohnC_V
    NETGEAR Moderator
    Oct 11, 2017

    Hi marcobravissimo,

     

    Welcome to our community!

     

    May you be able to attach some screenshots of your configurations?

     

    Regards.

      • JohnC_V's avatar
        JohnC_V
        NETGEAR Moderator
        Oct 16, 2017

        marcobravissimo,

         

        Thank you for your attachments. How is everything connected from these firewalls? Are they connected directly to the back of the modem or Is it connected to a router? If it is still connected to a router, I may advise you to double check if the router was set to full bridge mode. Also, update the firmware to latest version.

         

        Thank you!

         

        Regards,

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More