![]() Set groups CUSTOMER_GROUP security zones security-zone AZURE_ZONE address-book address AZURE_ZONE-RANGE 192.168.183.0/24 Set groups CUSTOMER_GROUP security zones security-zone INTERNET interfaces vlan.457 host-inbound-traffic system-services ping Set groups CUSTOMER_GROUP security zones security-zone INTERNET interfaces vlan.457 host-inbound-traffic system-services telnet Set groups CUSTOMER_GROUP security zones security-zone INTERNET interfaces vlan.457 host-inbound-traffic system-services snmp Set groups CUSTOMER_GROUP security zones security-zone INTERNET interfaces vlan.457 host-inbound-traffic system-services ssh Set groups CUSTOMER_GROUP security zones security-zone INTERNET interfaces vlan.457 host-inbound-traffic system-services ike Set groups CUSTOMER_GROUP security policies from-zone AZURE_ZONE to-zone CUSTOMER_TRUST policy default-allow then permit Set groups CUSTOMER_GROUP security policies from-zone AZURE_ZONE to-zone CUSTOMER_TRUST policy default-allow match application any Set groups CUSTOMER_GROUP security policies from-zone AZURE_ZONE to-zone CUSTOMER_TRUST policy default-allow match destination-address CUSTOMER-PRIVATES Set groups CUSTOMER_GROUP security policies from-zone AZURE_ZONE to-zone CUSTOMER_TRUST policy default-allow match source-address AZURE_ZONE-RANGE Set groups CUSTOMER_GROUP security ipsec vpn IPSEC_VPN establish-tunnels immediately Set groups CUSTOMER_GROUP security ipsec vpn IPSEC_VPN ike ipsec-policy IPSEC_POLICY Set groups CUSTOMER_GROUP security ipsec vpn IPSEC_VPN ike gateway IKE_GATEWAY Set groups CUSTOMER_GROUP security ipsec vpn IPSEC_VPN vpn-monitor destination-ip 192.168.183.2 Set groups CUSTOMER_GROUP security ipsec vpn IPSEC_VPN vpn-monitor optimized Set groups CUSTOMER_GROUP security ipsec vpn IPSEC_VPN bind-interface st0.2 Set groups CUSTOMER_GROUP security ike gateway IKE_GATEWAY version v2-only Set groups CUSTOMER_GROUP security ike gateway IKE_GATEWAY external-interface vlan.457 Set groups CUSTOMER_GROUP security ike gateway IKE_GATEWAY address omitted Set groups CUSTOMER_GROUP security ike gateway IKE_GATEWAY ike-policy IKE_POLICY Set groups CUSTOMER_GROUP security ike policy IKE_POLICY pre-shared-key ascii-text omitted Set groups CUSTOMER_GROUP security ike policy IKE_POLICY proposals IKE_PROPOSAL Set groups CUSTOMER_GROUP security ike policy IKE_POLICY mode main Set groups CUSTOMER_GROUP interfaces st0 unit 2 family inet Set groups GENERIC_GROUP security ipsec policy IPSEC_POLICY proposals IPSEC_PROPOSAL Set groups GENERIC_GROUP security ipsec proposal IPSEC_PROPOSAL lifetime-seconds 3600 Set groups GENERIC_GROUP security ipsec proposal IPSEC_PROPOSAL encryption-algorithm aes-256-cbc Set groups GENERIC_GROUP security ipsec proposal IPSEC_PROPOSAL authentication-algorithm hmac-sha1-96 Set groups GENERIC_GROUP security ipsec proposal IPSEC_PROPOSAL protocol esp Set groups GENERIC_GROUP security ike proposal IKE_PROPOSAL lifetime-seconds 28800 Set groups GENERIC_GROUP security ike proposal IKE_PROPOSAL encryption-algorithm aes-256-cbc Set groups GENERIC_GROUP security ike proposal IKE_PROPOSAL authentication-algorithm sha1 Set groups GENERIC_GROUP security ike proposal IKE_PROPOSAL dh-group group2 set groups GENERIC_GROUP security ike proposal IKE_PROPOSAL authentication-method pre-shared-keys ![]() I need the tunnel to stay up even when there's no traffic running over it. I would greatly appreciate any advice or assistance on the matter. So there's no way to bring the tunnel back up automatically at this time. When phase 2 drops, so does the static route and routing follows the next more specific route. This would be ok but unfortunately I have to statically route the remote ranges over the tunnel and since the tunnel doesn't (and can't) have an IP address, my next hop is st0.2. In my "show log kmd" I am seeing P2 no proposal chosen messages after the drop occurs. I've also configured VPN monitor to a destination on the other end of the tunnel but this also didn't work. I've tried playing around with DPD but Azure doesn't support it. The tunnel works fine but phase 2 drops when there is no traffic running across the tunnel (doesn't matter from which side traffic originates). I've configured an IPSec tunnel to Microsoft Azure from my Juniper SRX240 (12.1X44-D45.2). I'm a bit stumped and was hoping to find some guidance here.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |