Hi,
I have a strange behavior on our SRX240.
We have set up several Site-to-Site-VPNs (policy-based) and we are using the dynamic VPN (only with Pulse-Client).
The Tunnels work fine.
The problem is that somehow the routing to the internal network (172.18.10.0) for the Site-to-Site-VPNs stops working when no dynamic VPN is online. As soon as one or more dynamic connections are made and online, the remote networks of the Site-to-Site-VPNs can route into our network. If all dynamic VPNs are offline, it takes about 5-10 minutes and then the routing of the remote networks of the Site-to-Site-VPNs will stop working and any connection into our network is stuck at the SRX. When connecting with Pulse again, the routing for the Site-to-Site-VPNs works immediately once Pulse has finished connecting and the connection is established.
Somehow it looks like the Dynamic VPN is setting some routing, which will get lost when no dynamic VPN is connected.
Does anyone have any idea where to search for this Problem?
Here are some configuration parts of the SRX which might help:
skoenig@wall> show interfaces terse
Interface Admin Link Proto Local Remote
ge-0/0/0 up up
ge-0/0/0.0 up up inet xxx.xxx.xxx.xxx/29
gr-0/0/0 up up
ip-0/0/0 up up
lsq-0/0/0 up up
lt-0/0/0 up up
mt-0/0/0 up up
sp-0/0/0 up up
sp-0/0/0.0 up up inet
sp-0/0/0.16383 up up inet 10.0.0.1 --> 10.0.0.16
    10.0.0.6 --> 0/0
    128.0.0.1 --> 128.0.1.16
    128.0.0.6 --> 0/0
ge-0/0/1 up down
ge-0/0/1.0 up down eth-switch
ge-0/0/2 up down
ge-0/0/2.0 up down eth-switch
ge-0/0/3 up up
ge-0/0/3.0 up up eth-switch
ge-0/0/4 up down
ge-0/0/4.0 up down eth-switch
ge-0/0/5 up down
ge-0/0/5.0 up down eth-switch
ge-0/0/6 up down
ge-0/0/6.0 up down eth-switch
ge-0/0/7 up down
ge-0/0/7.0 up down eth-switch
ge-0/0/8 up down
ge-0/0/8.0 up down eth-switch
ge-0/0/9 up down
ge-0/0/9.0 up down eth-switch
ge-0/0/10 up down
ge-0/0/10.0 up down eth-switch
ge-0/0/11 up down
ge-0/0/11.0 up down eth-switch
ge-0/0/12 up down
ge-0/0/12.0 up down eth-switch
ge-0/0/13 up down
ge-0/0/13.0 up down eth-switch
ge-0/0/14 up down
ge-0/0/14.0 up down eth-switch
ge-0/0/15 up down
ge-0/0/15.0 up down eth-switch
fxp2 up up
fxp2.0 up up tnp 0x1
gre up up
ipip up up
irb up up
lo0 up up
lo0.16384 up up inet 127.0.0.1 --> 0/0
lo0.16385 up up inet 10.0.0.1 --> 0/0
    10.0.0.16 --> 0/0
    128.0.0.1 --> 0/0
    128.0.0.4 --> 0/0
    128.0.1.16 --> 0/0
lo0.32768 up up
lsi up up
mtun up up
pimd up up
pime up up
pp0 up up
ppd0 up up
ppe0 up up
st0 up up
st0.0 up up inet
tap up up
vlan up up
vlan.0 up up inet 172.18.10.1/24
vlan.4 up down inet 192.168.10.254/24
vlan.5 up down inet 192.168.11.1/24
skoenig@wall> show route
inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 19w0d 17:24:50
> to xxx.xxx.xxx.xxx via ge-0/0/0.0
172.18.10.0/24 *[Direct/0] 30w0d 01:12:17
> via vlan.0
172.18.10.1/32 *[Local/0] 30w0d 01:12:42
Local via vlan.0
192.168.10.254/32 *[Local/0] 30w0d 01:12:42
Reject
192.168.11.1/32 *[Local/0] 30w0d 01:12:42
Reject
xxx.xxx.xxx.xxx/29 *[Direct/0] 19w0d 17:24:50
> via ge-0/0/0.0
xxx.xxx.xxx.yyy/32 *[Local/0] 30w0d 01:12:29
Local via ge-0/0/0.0
skoenig@wall> show ethernet-switching interfaces
Interface State VLAN members Tag Tagging Blocking
ge-0/0/1.0 down vlan0 2 untagged blocked by STP
ge-0/0/2.0 down vlan0 2 untagged blocked by STP
ge-0/0/3.0 up vlan0 2 untagged unblocked
ge-0/0/4.0 down vlan0 2 untagged blocked by STP
ge-0/0/5.0 down vlan0 2 untagged blocked by STP
ge-0/0/6.0 down vlan4 6 untagged blocked by STP
ge-0/0/7.0 down vlan4 6 untagged blocked by STP
ge-0/0/8.0 down vlan4 6 untagged blocked by STP
ge-0/0/9.0 down vlan4 6 untagged blocked by STP
ge-0/0/10.0 down vlan4 6 untagged blocked by STP
ge-0/0/11.0 down vlan5 7 untagged blocked by STP
ge-0/0/12.0 down vlan5 7 untagged blocked by STP
ge-0/0/13.0 down vlan5 7 untagged blocked by STP
ge-0/0/14.0 down vlan5 7 untagged blocked by STP
ge-0/0/15.0 down vlan5 7 untagged blocked by STP
Thanks in advance,
Steven