netscreen 5xp tunnel fails help!

Status
Not open for further replies.

OmegaLS

IS-IT--Management
Apr 1, 2004
12
US
ok here goes,
i have 2 locations w/ 5xps, one w/ version 2.6.1r3.1 and the other w/ one of the new versions 4.0.2r3.0. both have access to the internet, but the tunnel between them seems to fail about every 2 days consistently, requiring the location w/ version 2.6 to be rebooted. i replaced this box w/ another box of the same version and rebuilt everything, but same problem. the only thing i haven't tried i think is upgrade the box, since the box is out of warranty and i can't download the newest version w/out paying $150. does anyone have any ideas on what to do?
 
What are the Phase 1 and 2 time-out values on both? Do they match? If you want, you can paste the configs here and I will take a look. Just make sure you xxxx out any sensitive data (passwords, public IPs, etc...)

Rgds,

John
 
they don't match, i wasn't the one that initially configured this, but when i put the new box in and i had them matching the other end's the tunnel didn't build, but when i mirrored the box i removed it did. i think u just gave me an idea of removing the tunnel from both ends and rebuilding. does that sound right?
 
oh btw, it was working w/ no problems w/out them matching, so i don't understand why it all of a sudden decided to act funny
 
Hey,

I like that approach. I would get a copy of each config first, then rebuild your tunnels. Good luck, let me know if I can help in any way.

Rgds,

John
 
i went ahead and rebuilt it all, and still no dice, i went into the box at 3.30 am this morning and saw everything was operational, when they get into the office, the tunnel's down. i made sure the keys matched on both ends, and now the only other thing i can think of is be on the link myself b4 the first person and see what's going on. one more thing i didn't mention was that i saw what looked to be a hack attempt on the box w/ the newer os. a guy from the uk was spamming telnet port trying to get in w/ bogus l/p, so i disabled telnet on the public interface, and he looks like he's gone away for now. you guys wouldn't happen to have the OS upgrades would u?
 
Hello,

Do you have a CSO account with Netscreen? I would open one and find out if your NS's can be upgraded. Is this a corporate environment? If so, I would push for OS 5 on both sides. Just an idea. If the upgrade doesn't work for you, let me know and we can try some debugs together.

Rgds,

John
 