- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
VPN gateway to gateway SRX5308 IPsec SA Established but no traffic
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
VPN gateway to gateway SRX5308 IPsec SA Established but no traffic
I have 2 srx5308 last firmware upgrated. i
I have two SRX5308 connected gateway to gateway, connect IPsec SA Established but do no traffic. One of them runs the trafficbut the arrive to lan destiantion, if i can tray to monitoring--> ping the result is filed and i can tray Tracerute--> filed I attacced the log:
ONE the make traffic:
Mon Oct 09 18:29:25 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.88.99.194 ->195.100.200.194 with spi=235890753(0xe0f6841)
Mon Oct 09 18:29:25 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.223.231.194->195.88.99.194 with spi=45451481(0x2b588d9)
Mon Oct 09 18:29:25 2017 (GMT +0200): [SRX5308] [IKE] INFO: Initiating new phase 2 negotiation: 195.88.99.194 [0]<=>195.223.231.194[0]
Mon Oct 09 18:29:25 2017 (GMT +0200): [SRX5308] [IKE] INFO: Configuration found for 195.223.231.194.
Mon Oct 09 18:29:25 2017 (GMT +0200): [SRX5308] [IKE] INFO: Configuration found for 195.223.231.194.
Mon Oct 09 18:29:25 2017 (GMT +0200): [SRX5308] [IKE] INFO: Using IPsec SA configuration: 10.1.10.0/24<->10.2.10.0/24
Mon Oct 09 18:29:08 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=198068733(0xbce49fd).
Mon Oct 09 18:29:08 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=162319720(0x9accd68).
Mon Oct 09 18:29:08 2017 (GMT +0200): [SRX5308] [IKE] INFO: an undead schedule has been deleted: 'pk_recvupdate'.
Mon Oct 09 18:29:03 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.88.99.194 ->195.100.200.194 with spi=162319720(0x9accd68)
Mon Oct 09 18:29:03 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.223.231.194->195.88.99.194 with spi=198068733(0xbce49fd)
Mon Oct 09 18:29:03 2017 (GMT +0200): [SRX5308] [IKE] INFO: Initiating new phase 2 negotiation: 195.88.99.194 [0]<=>195.223.231.194[0]
Mon Oct 09 18:29:03 2017 (GMT +0200): [SRX5308] [IKE] INFO: Configuration found for 195.223.231.194.
Mon Oct 09 18:29:03 2017 (GMT +0200): [SRX5308] [IKE] INFO: Configuration found for 195.223.231.194.
Mon Oct 09 18:29:03 2017 (GMT +0200): [SRX5308] [IKE] INFO: Using IPsec SA configuration: 10.1.10.0/24<->10.2.10.0/24
Mon Oct 09 18:29:02 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=31270826(0x1dd27aa).
Mon Oct 09 18:29:02 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=128931250(0x7af55b2).
Mon Oct 09 18:29:02 2017 (GMT +0200): [SRX5308] [IKE] INFO: an undead schedule has been deleted: 'pk_recvupdate'.
SECOND firewall no-traffic:
Mon Oct 09 18:30:51 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.88.99.194->195.88.99.194- with spi=45451481(0x2b588d9)
Mon Oct 09 18:30:51 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.88.99.194-->195.88.99.194 with spi=235890753(0xe0f6841)
Mon Oct 09 18:30:51 2017 (GMT +0200): [SRX5308] [IKE] INFO: Using IPsec SA configuration: 10.2.10.0/24<->10.1.10.0/24
Mon Oct 09 18:30:51 2017 (GMT +0200): [SRX5308] [IKE] INFO: Responding to new phase 2 negotiation: 195.88.99.194[0]<=>195.88.99.194-[0]
Mon Oct 09 18:30:33 2017 (GMT +0200): [SRX5308] [IKE] INFO: Phase 2 sa deleted 195.88.99.194-195.88.99.194-
Mon Oct 09 18:30:33 2017 (GMT +0200): [SRX5308] [IKE] INFO: Sending Informational Exchange: delete payload[]
Mon Oct 09 18:30:33 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] Flushing SAs for peer "195.88.99.194-" with spi 198068733
Mon Oct 09 18:30:29 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.88.99.194->195.88.99.194- with spi=198068733(0xbce49fd)
Mon Oct 09 18:30:29 2017 (GMT +0200): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 195.88.99.194-->195.88.99.194 with spi=162319720(0x9accd68)
Mon Oct 09 18:30:29 2017 (GMT +0200): [SRX5308] [IKE] INFO: Using IPsec SA configuration: 10.2.10.0/24<->10.1.10.0/24
Mon Oct 09 18:30:29 2017 (GMT +0200): [SRX5308] [IKE] INFO: Responding to new phase 2 negotiation: 195.88.99.194[0]<=>195.88.99.194-[0]
Mon Oct 09 18:30:28 2017 (GMT +0200): [SRX5308] [IKE] INFO: Phase 2 sa deleted 195.88.99.194-195.88.99.194-
Mon Oct 09 18:30:28 2017 (GMT +0200): [SRX5308] [IKE] INFO: Sending Informational Exchange: delete payload[
Mon Oct 09 16:30:28 2017 (GMT +0000): [SRX5308] [IKE] INFO: [IPSEC_VPN] Flushing SAs for peer "195.88.99.194-" with spi 31270826
grazie mille
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: VPN gateway to gateway SRX5308 IPsec SA Established but no traffic
Hi marcobravissimo,
Welcome to our community!
May you be able to attach some screenshots of your configurations?
Regards.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: VPN gateway to gateway SRX5308 IPsec SA Established but no traffic
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: VPN gateway to gateway SRX5308 IPsec SA Established but no traffic
Thank you for your attachments. How is everything connected from these firewalls? Are they connected directly to the back of the modem or Is it connected to a router? If it is still connected to a router, I may advise you to double check if the router was set to full bridge mode. Also, update the firmware to latest version.
Thank you!
Regards,