ID Algorithm SPI Life:sec/kb Mon vsys Port Gatewayġ31073 ESP:aes-256/sha256 561bcf4 2538/ unlim - root 4500 e.f.g.h Index State Initiator cookie Responder cookie Mode Remote Addressĥ116024 UP 77fa7eaeb2f0f554 280affa8d6d30521 Main show security ipsec security-associations Security associations seem to be show security ike security-associations
Pre-shared-key ascii-text "$9$qfF/u0IcSeuOhrlK7N" # SECRET-DATAĪuthentication-algorithm hmac-sha-256-128
The goal is to set up a GRE tunnel so that several private IP ranges from the SRX side are accessible from the Linux side. SRX Public IP: a.b.c.d - Internet zone, on reth0.0
I can work on the Linux side from there.) I can even use wireshark to decrypt the packets (using the keys from the Linux side) and I see that the contents are the ping packets with the correct private IPs inside.Īny ideas why the SRX side isn't responding to a ping? (If I could at least get the SRX side to respond. I can ping from either side and see the ESP packets going to the other side, but neither end responds to the ping (the ESP packet is dropped maybe?). It is now to the point where I have the security-associations showing so the tunnel seems to be active. I'm trying to configure a static ipsec tunnel between an SRX240 and a Linux host (using racoon).
0 kommentar(er)
