Topics - newmoon

1
Switches / EX3300 doesn't show static routes in J-web
« on: December 17, 2015, 03:58:32 pm »
The switch lost power so I got the usual warning message via cli login.
request system reboot slice alternate media internal.........

So now the switch booted from the active partition, but when I log in via J-Web, I see no static routes.
Via the CLI it shows the static routes.

Anyone ever had this problem?

THX newmoon

2
Fellow sufferers,
I’ve been trying to establish a site-to-site IPsec VPN tunnel with 1 DynDNS address and 1 static IP address between a MikroTik router and an SRX240 firewall.
The MikroTik router connects to the Internet via a dynamic IP address.
The SRX has a static IP address.
When I configure the VPN tunnel with 2 static IP addresses (SRX+Mikrotik), I get a VPN connection without any trouble.
Unfortunately, I have to use a dynamic IP address with the Mikrotik router in real life.
Now the problem starts.
When I configure the “same” VPN tunnel with a dynamic IP address on the MikroTik router,
I cannot establish a tunnel.
Config SRX:
set security ike policy IKE_POLICY_BB_TEST mode aggressive
set security ike policy IKE_POLICY_BB_TEST proposal-set standard
set security ike gateway IKE_GATE_BB_TEST ike-policy IKE_POLICY_BB_TEST
set security ike gateway IKE_GATE_BB_TEST dynamic hostname dsl.dyndns.org
set security ipsec policy IPSEC_POLICY_BB_TEST proposal-set standard
set security ipsec vpn IPSEC_VPN_BB_TEST ike gateway IKE_GATE_BB_TEST
set security ipsec vpn IPSEC_VPN_BB_TEST ike ipsec-policy IPSEC_POLICY_BB_TEST
set security ipsec vpn IPSEC_VPN_BB_TEST establish-tunnels immediately
set security ipsec policy IPSEC_POLICY_BB_TEST perfect-forward-secrecy keys group2
Log on the SRX shows this:

IKE Phase-1: (Responder) Policy lookup failed [local_ip=2.6.1.5 remote_ip=2.1.1.1]
KMD_VPN_PV_PHASE1: IKE Phase-1 Failure: No proposal chosen [spi=(null), src_ip=2.6.1.5, dst_ip=2.1.1.1]
IKE negotiation failed with error: No proposal chosen. IKE Version: 1, VPN: Not-Available Gateway: Not-Available, Local: 2.6.1.5/500, Remote: 2.1.1.1/500, Local IKE-ID: Not-Available, Remote IKE-ID: Not-Available, VR-ID: 0

MikroTik config:
Things I've changed from a working config (static IP) to a non-working config (dynamic IP):
SA Src Address: xxx.xxx.xxx.xxx -> 0.0.0.0
Exchange Mode: main -> aggressive
My ID User FQDN: nothing -> dsl.dyndns.org



Mikrotik Log shows:

10:26:30 ipsec,debug initiate new phase 1 negotiation: 2.1.1.1[500]<=>2.6.1.5[500]
10:26:30 ipsec,debug begin Aggressive mode.
10:26:30 ipsec,debug,packet new cookie:
10:26:30 ipsec,debug,packet 245727f2af4a03dd 
10:26:30 ipsec,debug,packet use ID type of User_FQDN
10:26:30 ipsec,debug,packet compute DH's private.
10:26:30 ipsec,debug,packet 79f74668 061408cc 4bdbe4ea 5e16a53d 557c1d00 e1023d4b 945a61c4 914dd0e0
10:26:30 ipsec,debug,packet 04b2d7a7 a35575c4 f16c4b5d cb74640a 1acfa74b 707dc227 a6adb22c 2fdf903f
10:26:30 ipsec,debug,packet compute DH's public.
10:26:30 ipsec,debug,packet 845989ea 12dc7b82 1fff2572 ed6a7e4b 265db0ca c60fdfc3 258ca643 815421b5
10:26:30 ipsec,debug,packet 245c6a3d 7c589c65 aee76160 28a6bd57 387eb3e3 9a693acb c22f8413 1ba1d1d4
10:26:30 ipsec,debug,packet authmethod is pre-shared key
10:26:30 ipsec,debug,packet add payload of len 52, next type 4
10:26:30 ipsec,debug,packet add payload of len 128, next type 10
10:26:30 ipsec,debug,packet add payload of len 24, next type 5
10:26:30 ipsec,debug,packet add payload of len 33, next type 13
10:26:30 ipsec,debug,packet add payload of len 16, next type 13
10:26:30 ipsec,debug,packet add payload of len 16, next type 13
10:26:30 ipsec,debug,packet add payload of len 16, next type 13
10:26:30 ipsec,debug,packet add payload of len 16, next type 13
10:26:30 ipsec,debug,packet add payload of len 16, next type 13
10:26:30 ipsec,debug,packet add payload of len 16, next type 13
10:26:30 ipsec,debug,packet add payload of len 16, next type 13
10:26:30 ipsec,debug,packet add payload of len 16, next type 13
10:26:30 ipsec,debug,packet add payload of len 16, next type 13
10:26:30 ipsec,debug,packet add payload of len 16, next type 13
10:26:30 ipsec,debug,packet add payload of len 16, next type 13
10:26:30 ipsec,debug,packet add payload of len 16, next type 13
10:26:30 ipsec,debug,packet add payload of len 16, next type 0
10:26:30 ipsec,debug,packet 541 bytes from 2.1.1.1[500] to 2.6.1.5[500]
10:26:30 ipsec,debug,packet sockname 2.1.1.1[500]
10:26:30 ipsec,debug,packet send packet from 2.1.1.1[500]
10:26:30 ipsec,debug,packet send packet to 2.6.1.5[500]
10:26:30 ipsec,debug,packet src4 2.1.1.1[500]
10:26:30 ipsec,debug,packet dst4 2.6.1.5[500]
10:26:30 ipsec,debug,packet 1 times of 541 bytes message will be sent to 2.6.1.5[500]
10:26:30 ipsec,debug,packet 245727f2 af4a03dd 00000000 00000000 01100400 00000000 0000021d 04000038
10:26:30 ipsec,debug,packet 620d0000 14448515 2d18b6bb cd0be8a8 469579dd cc0d0000 1412f5f2 8c457168
10:26:30 ipsec,debug,packet a9702d9f e274cc01 00000000 14afcad7 1368a1f1 c96b8696 fc775701 00
10:26:30 ipsec,debug,packet resend phase1 packet 245727f2af4a03dd:0000000000000000
10:26:30 ipsec,debug,packet ==========
10:26:30 ipsec,debug,packet 102 bytes message received from 2.6.1.5[500] to 2.1.1.1[500]
10:26:30 ipsec,debug,packet 245727f2 af4a03dd 6d4b6a75 f3d9f1b3 0b100500 156448be 00000066 0000004a
10:26:30 ipsec,debug,packet 00000001 0110000e 245727f2 af4a03dd 6d4b6a75 f3d9f1b3 800c0001 00060022
10:26:30 ipsec,debug,packet 436f756c 64206e6f 74206669 6e642061 63636570 7461626c 65207072 6f706f73
10:26:30 ipsec,debug,packet 616c8008 0000
10:26:30 ipsec,debug,packet receive Information.
10:26:30 ipsec,debug,packet begin.
10:26:30 ipsec,debug,packet seen nptype=11(notify)
10:26:30 ipsec,debug,packet succeed.
10:26:30 ipsec,debug fatal NO-PROPOSAL-CHOSEN notify messsage, phase1 should be deleted.
10:26:30 ipsec,debug,packet notification message 14:NO-PROPOSAL-CHOSEN, doi=1 proto_id=1 spi=245727f2af4a03dd 6d4b6a75f3d9f1b3 (size=16).
10:26:30 ipsec,debug Message: '"Could not find acceptable proposal '.
10:26:40 ipsec,debug,packet 541 bytes from 2.1.1.1[500] to 2.6.1.5[500]
10:26:40 ipsec,debug,packet sockname 2.1.1.1[500]
10:26:40 ipsec,debug,packet send packet from 2.1.1.1[500]
10:26:40 ipsec,debug,packet send packet to 2.6.1.5[500]
10:26:40 ipsec,debug,packet src4 2.1.1.1[500]
10:26:40 ipsec,debug,packet dst4 2.6.1.5[500]
10:26:40 ipsec,debug,packet 1 times of 541 bytes message will be sent to 2.6.1.5[500]
10:26:40 ipsec,debug,packet 245727f2 af4a03dd 00000000 00000000 01100400 00000000 0000021d 04000038
10:26:40 ipsec,debug,packet 913ebb69 6e086381 b5ec427b 1f0d0000 1416f6ca 16e4a406 6d83821a 0f0aeaa8
10:26:40 ipsec,debug,packet 620d0000 14448515 2d18b6bb cd0be8a8 469579dd cc0d0000 1412f5f2 8c457168
10:26:40 ipsec,debug,packet a9702d9f e274cc01 00000000 14afcad7 1368a1f1 c96b8696 fc775701 00
10:26:40 ipsec,debug,packet resend phase1 packet 245727f2af4a03dd:0000000000000000
10:26:44 ipsec,debug phase2 negotiation failed due to time up waiting for phase1. ESP 2.6.1.5[500]->2.1.1.1[500] 
10:26:44 ipsec,debug delete phase 2 handler.
10:26:50 ipsec,debug,packet 541 bytes from 2.1.1.1[500] to 2.6.1.5[500]
10:26:50 ipsec,debug,packet sockname 2.1.1.1[500]
10:26:50 ipsec,debug,packet send packet from 2.1.1.1[500]
10:26:50 ipsec,debug,packet send packet to 2.6.1.5[500]
10:26:50 ipsec,debug,packet src4 2.1.1.1[500]
10:26:50 ipsec,debug,packet dst4 2.6.1.5[500]
10:26:50 ipsec,debug,packet 1 times of 541 bytes message will be sent to 2.6.1.5[500]
10:26:50 ipsec,debug,packet 245727f2 af4a03dd 00000000 00000000 01100400 00000000 0000021d 04000038
10:26:50 ipsec,debug,packet 620d0000 14448515 2d18b6bb cd0be8a8 469579dd cc0d0000 1412f5f2 8c457168
10:26:50 ipsec,debug,packet a9702d9f e274cc01 00000000 14afcad7 1368a1f1 c96b8696 fc775701 00
10:26:50 ipsec,debug,packet resend phase1 packet 245727f2af4a03dd:0000000000000000
10:26:50 ipsec,debug,packet ==========
10:26:50 ipsec,debug,packet 102 bytes message received from 2.6.1.5[500] to 2.1.1.1[500]
10:26:50 ipsec,debug,packet 245727f2 af4a03dd 6d4b6a75 f3d9f1b3 0b100500 156448be 00000066 0000004a
10:26:50 ipsec,debug,packet 436f756c 64206e6f 74206669 6e642061 63636570 7461626c 65207072 6f706f73
10:26:50 ipsec,debug,packet 616c8008 0000
10:26:50 ipsec,debug,packet receive Information.
10:26:50 ipsec,debug,packet begin.
10:26:50 ipsec,debug,packet seen nptype=11(notify)
10:26:50 ipsec,debug,packet succeed.
10:26:50 ipsec,debug fatal NO-PROPOSAL-CHOSEN notify messsage, phase1 should be deleted.
10:26:50 ipsec,debug,packet notification message 14:NO-PROPOSAL-CHOSEN, doi=1 proto_id=1 spi=245727f2af4a03dd 6d4b6a75f3d9f1b3 (size=16).
10:26:50 ipsec,debug Message: '"Could not find acceptable proposal '.
10:26:55 script,info DynDNS: dont need changes
10:27:00 ipsec,debug,packet 541 bytes from 2.1.1.1[500] to 2.6.1.5[500]
10:27:00 ipsec,debug,packet sockname 2.1.1.1[500]
10:27:00 ipsec,debug,packet send packet from 2.1.1.1[500]
10:27:00 ipsec,debug,packet send packet to 2.6.1.5[500]
10:27:00 ipsec,debug,packet src4 2.1.1.1[500]
10:27:00 ipsec,debug,packet dst4 2.6.1.5[500]
10:27:00 ipsec,debug,packet 1 times of 541 bytes message will be sent to 2.6.1.5[500]
10:27:00 ipsec,debug,packet 245727f2 af4a03dd 00000000 00000000 01100400 00000000 0000021d 04000038
10:27:00 ipsec,debug,packet 620d0000 14448515 2d18b6bb cd0be8a8 469579dd cc0d0000 1412f5f2 8c457168
10:27:00 ipsec,debug,packet a9702d9f e274cc01 00000000 14afcad7 1368a1f1 c96b8696 fc775701 00
10:27:00 ipsec,debug,packet resend phase1 packet 245727f2af4a03dd:0000000000000000
10:27:00 ipsec,debug,packet ==========
10:27:00 ipsec,debug,packet 102 bytes message received from 2.6.1.5[500] to 2.1.1.1[500]
10:27:00 ipsec,debug,packet 245727f2 af4a03dd 9c80f195 004de81e 0b100500 9824ec45 00000066 0000004a
10:27:00 ipsec,debug,packet 436f756c 64206e6f 74206669 6e642061 63636570 7461626c 65207072 6f706f73
10:27:00 ipsec,debug,packet 616c8008 0000
10:27:00 ipsec,debug,packet receive Information.
10:27:00 ipsec,debug,packet begin.
10:27:00 ipsec,debug,packet seen nptype=11(notify)
10:27:00 ipsec,debug,packet succeed.
10:27:00 ipsec,debug fatal NO-PROPOSAL-CHOSEN notify messsage, phase1 should be deleted.
10:27:00 ipsec,debug,packet notification message 14:NO-PROPOSAL-CHOSEN, doi=1 proto_id=1 spi=245727f2af4a03dd 9c80f195004de81e (size=16).
10:27:00 ipsec,debug Message: '"Could not find acceptable proposal '.
10:27:10 ipsec,debug,packet 541 bytes from 2.1.1.1[500] to 2.6.1.5[500]
10:27:10 ipsec,debug,packet sockname 2.1.1.1[500]
10:27:10 ipsec,debug,packet send packet from 2.1.1.1[500]
10:27:10 ipsec,debug,packet send packet to 2.6.1.5[500]
10:27:10 ipsec,debug,packet src4 2.1.1.1[500]
10:27:10 ipsec,debug,packet dst4 2.6.1.5[500]
10:27:10 ipsec,debug,packet 1 times of 541 bytes message will be sent to 2.6.1.5[500]
10:27:10 ipsec,debug,packet 245727f2 af4a03dd 00000000 00000000 01100400 00000000 0000021d 04000038
10:27:10 ipsec,debug,packet 620d0000 14448515 2d18b6bb cd0be8a8 469579dd cc0d0000 1412f5f2 8c457168
10:27:10 ipsec,debug,packet a9702d9f e274cc01 00000000 14afcad7 1368a1f1 c96b8696 fc775701 00
10:27:10 ipsec,debug,packet resend phase1 packet 245727f2af4a03dd:0000000000000000
10:27:10 ipsec,debug,packet ==========
10:27:10 ipsec,debug,packet 102 bytes message received from 2.6.1.5[500] to 2.1.1.1[500]
10:27:10 ipsec,debug,packet 245727f2 af4a03dd 9c80f195 004de81e 0b100500 9824ec45 00000066 0000004a
10:27:10 ipsec,debug,packet 436f756c 64206e6f 74206669 6e642061 63636570 7461626c 65207072 6f706f73
10:27:10 ipsec,debug,packet 616c8008 0000
10:27:10 ipsec,debug,packet receive Information.
10:27:10 ipsec,debug,packet begin.
10:27:10 ipsec,debug,packet seen nptype=11(notify)
10:27:10 ipsec,debug,packet succeed.
10:27:10 ipsec,debug fatal NO-PROPOSAL-CHOSEN notify messsage, phase1 should be deleted.
10:27:10 ipsec,debug,packet notification message 14:NO-PROPOSAL-CHOSEN, doi=1 proto_id=1 spi=245727f2af4a03dd 9c80f195004de81e (size=16).
10:27:10 ipsec,debug Message: '"Could not find acceptable proposal '.
10:27:13 ipsec,debug suitable outbound SP found: 192.168.111.0/24[0] 192.168.210.0/24[0] proto=any dir=out
10:27:13 ipsec,debug suitable inbound SP found: 192.168.210.0/24[0] 192.168.111.0/24[0] proto=any dir=in
10:27:13 ipsec,debug new acquire 192.168.111.0/24[0] 192.168.210.0/24[0] proto=any dir=out
10:27:13 ipsec,debug,packet  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
10:27:13 ipsec,debug,packet   (trns_id=DES encklen=0 authtype=hmac-sha)
10:27:13 ipsec,debug request for establishing IPsec-SA was queued due to no phase1 found.
10:27:20 ipsec,debug,packet 541 bytes from 2.1.1.1[500] to 2.6.1.5[500]
10:27:20 ipsec,debug,packet sockname 2.1.1.1[500]
10:27:20 ipsec,debug,packet send packet from 2.1.1.1[500]
10:27:20 ipsec,debug,packet send packet to 2.6.1.5[500]
10:27:20 ipsec,debug,packet src4 2.1.1.1[500]
10:27:20 ipsec,debug,packet dst4 2.6.1.5[500]
10:27:20 ipsec,debug,packet 1 times of 541 bytes message will be sent to 2.6.1.5[500]
10:27:20 ipsec,debug,packet 245727f2 af4a03dd 00000000 00000000 01100400 00000000 0000021d 04000038
10:27:20 ipsec,debug,packet 620d0000 14448515 2d18b6bb cd0be8a8 469579dd cc0d0000 1412f5f2 8c457168
10:27:20 ipsec,debug,packet a9702d9f e274cc01 00000000 14afcad7 1368a1f1 c96b8696 fc775701 00
10:27:20 ipsec,debug,packet resend phase1 packet 245727f2af4a03dd:0000000000000000
10:27:30 ipsec,debug phase1 negotiation failed due to time up. 245727f2af4a03dd:0000000000000000
10:27:30 ipsec,debug,packet ===

Please help, thank you!
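
For readers triaging a similar log, the following added example (not part of the original post) decodes the ISAKMP header of the logged request and the SRX's 102-byte reply, using the hex copied from the MikroTik log above. The header and Notification payload layouts follow RFC 2408; reading the notification data as a run of ISAKMP data attributes is an assumption that fits this capture, and the function names are hypothetical.

```python
import struct
# Hex copied from the MikroTik debug log in the post above.
REQUEST_HEAD = "245727f2 af4a03dd 00000000 00000000 01100400 00000000 0000021d"
REPLY = """
245727f2 af4a03dd 6d4b6a75 f3d9f1b3 0b100500 156448be 00000066 0000004a
00000001 0110000e 245727f2 af4a03dd 6d4b6a75 f3d9f1b3 800c0001 00060022
436f756c 64206e6f 74206669 6e642061 63636570 7461626c 65207072 6f706f73
616c8008 0000
"""
EXCHANGE = {2: "main", 4: "aggressive", 5: "informational"}  # RFC 2408
NOTIFY = {14: "NO-PROPOSAL-CHOSEN"}                           # RFC 2408

def unhex(dump: str) -> bytes:
    return bytes.fromhex("".join(dump.split()))

def parse_header(raw: bytes) -> dict:
    """Decode the fixed 28-byte ISAKMP header."""
    if len(raw) < 28:
        raise ValueError("short ISAKMP header")
    icookie, rcookie, nxt, ver, exch, _flags, msgid, length = struct.unpack(
        "!8s8sBBBBII", raw[:28])
    return {"icookie": icookie.hex(), "rcookie": rcookie.hex(),
            "next_payload": nxt, "version": f"{ver >> 4}.{ver & 15}",
            "exchange": EXCHANGE.get(exch, str(exch)),
            "msgid": msgid, "length": length}

def parse_notify(raw: bytes) -> dict:
    """Decode a message whose first payload is a Notification (type 11)."""
    hdr = parse_header(raw)
    if hdr["next_payload"] != 11 or hdr["length"] != len(raw) or len(raw) < 40:
        raise ValueError("not a complete notify message")
    _nxt, _rsv, plen, doi, proto, spi_size, ntype = struct.unpack(
        "!BBHIBBH", raw[28:40])
    if 28 + plen > len(raw) or 12 + spi_size > plen:
        raise ValueError("bad notify payload length")
    data, text, pos = raw[40 + spi_size:28 + plen], [], 0
    # Assumption: notification data is a run of ISAKMP data attributes.
    while pos + 4 <= len(data):
        atype, val = struct.unpack("!HH", data[pos:pos + 4])
        pos += 4
        if not atype & 0x8000:  # AF bit clear: val is a length, value follows
            text.append(data[pos:pos + val].decode("ascii", "replace"))
            pos += val
    return {"notify": NOTIFY.get(ntype, str(ntype)), "doi": doi,
            "proto_id": proto, "spi": raw[40:40 + spi_size].hex(),
            "text": text, "header": hdr}

if __name__ == "__main__":
    print(parse_header(unhex(REQUEST_HEAD)), parse_notify(unhex(REPLY)), sep="\n")
```

The decoded request header shows an aggressive-mode exchange with a total length of 541 bytes, and the reply decodes to notify type 14 with the same text the MikroTik log prints.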
