DigiTroubleshooting Friday Nodate

Time past already since the last attempt to configure IPsec between Digibox and Juniper
SRX.
This second official attempt requires to take a look on each previous setup step on Digibox
due to some network changes on SRX. Specially avoid IP overlapping because there are
alredy some routes on SRX using 192.168.2.0, hence the new internal network for Digibox
will be 192.168.3.0
There was also a big typo detected regarding pointing the SRXs public ip address.
User pass for device: username/password
Updating firmware
Before
After
http://www.digi.com/support/productdetail?pid=5501
After upgrade home screen:
Reset to defaults
Administrator > Factory Default Settings.
nmap -sS -sU -p U:500,4500,6000,T:80,443 -Pn 94.225.234.251
Fresh boot after factory defaults.

After the factory default. Username/password
Change Digi Network to 192.168.2.0/24 192.168.3.0

192.168.4.0
This stage may require to manually specify your IP address
change dhcp settings.
Second attempt
Enter APN Settings

Configuration > Network > Interface > Mobile
Reenter APN settings: mobile.internet.be
IPSEc tunnel config

Settings:
IP address
Local Lan
Remote Lan
Security: Preshared Keys
Our ID type: IKE ID IPv4 Address
Our ID: 94.227.230.72
Remote ID: 94.225.232.87
AES 256 encryption
SHA1 authentication
DH group 2
Ike v1
IKE configuration 0
Bring this tunnel up all time.
94.255.234.251
94.225.232.87/20
Configure IKE
IKE 0:
Encryption: AES 256
Autentication SHA1
Mode Main
Group phase 1 2
Group Phase 2 2
Renegotiation 8h
Configure Responder
AES 256
Authentication SHA1
Group 2 2
PSK configuration
Configuration - Security > Users > User 0 - 9 > User 3
94.255.234.251 (epic typo)
psk is juniper
Configure Static Routes

Configuration - Network > IP Routing/Forwarding > Static Routes > Routes 0 - 9 > Route 0
Before
After
Check routes
Not good
19:35:55, 05 Aug 2016,IKE Request Received

19:35:35, 05 Aug 2016,(15) New Phase 1 IKE
94.255.234.251,Initiator
19:35:35, 05 Aug 2016,(14) IKE SA Removed.
19:35:35, 05 Aug 2016,(14) IKE Negotiation
Exceeded
19:35:05, 05 Aug 2016,(14) New Phase 1 IKE
94.255.234.251,Initiator
Exceeded
19:34:35, 05 Aug 2016,(13) New Phase 1 IKE
94.255.234.251,Initiator
Exceeded
19:34:05, 05 Aug 2016,(12) New Phase 1 IKE
From Eroute 0
From Eroute 0
Session
From Eroute 0
Peer: ,Negotiation Failure
Failed. Peer: ,Retries
From Eroute 0
From Eroute 0
Session
From Eroute 0
From Eroute 0
From Eroute 0
Session
From Eroute 0
From Eroute 0
From Eroute 0
Session
94.255.234.251,Initiator
19:34:05, 05 Aug 2016,IKE Request Received From Eroute 0
19:34:05, 05 Aug 2016,(11) IKE SA Removed. Peer: ,Negotiation Failure
19:34:05, 05 Aug 2016,(11) IKE Negotiation Failed. Peer: ,Retries
Exceeded
19:33:35, 05 Aug 2016,(11) New Phase 1 IKE Session
94.255.234.251,Initiator
19:33:35, 05 Aug 2016,(10) IKE Negotiation Failed. Peer: ,Retries
Exceeded
94.255.234.251,Initiator
19:33:05, 05 Aug 2016,(9) IKE Negotiation Failed. Peer: ,Retries Exceeded
94.255.234.251,Initiator
94.255.234.251,Initiator
94.255.234.251,Initiator
94.255.234.251,Initiator
94.255.234.251,Initiator
94.255.234.251,Initiator

94.255.234.251,Initiator
19:29:23, 05 Aug 2016,Par change by username, ike 0 deblevel to 4
94.255.234.251,Initiator
94.255.234.251,Initiator
19:28:35, 05 Aug 2016,Par change by username, eroute 0 injectroute to On
19:28:35, 05 Aug 2016,Par change by username, eroute 0 debug to On
19:23:47, 05 Aug 2016,Par change by username, ppp 1 ipsec to 1
19:20:20, 05 Aug 2016,Par change by username, route 0 ll_add to 1
19:20:20, 05 Aug 2016,Par change by username, route 0 ll_ent to PPP
19:20:20, 05 Aug 2016,Par change by username, route 0 IPaddr to
192.168.1.0
19:20:20, 05 Aug 2016,Par change by username, route 0 descr to Ipsec
Remote Juniper
19:05:50, 05 Aug 2016,Password 2 change,WEB
19:05:50, 05 Aug 2016,Username 2 change to '94.255.234.251',WEB
19:05:50, 05 Aug 2016,Par change by username, user 2 fieldip to
94.255.234.251
19:05:50, 05 Aug 2016,Par change by username, user 2 access to 8
19:05:50, 05 Aug 2016,Par change by username, user 2 name to
94.255.234.251
19:00:36, 05 Aug 2016,Par change by username, ike 0 rdhmaxgroup to 2
19:00:36, 05 Aug 2016,Par change by username, ike 0 rdhmingroup to 2
19:00:36, 05 Aug 2016,Par change by username, ike 0 rauthalgs to SHA1
19:00:36, 05 Aug 2016,Par change by username, ike 0 rencalgs to AES
18:58:39, 05 Aug 2016,Par change by username, ike 0 ipsecgroup to 2
18:58:39, 05 Aug 2016,Par change by username, ike 0 ikegroup to 2
18:58:39, 05 Aug 2016,Par change by username, ike 0 authalg to SHA1
18:58:39, 05 Aug 2016,Par change by username, ike 0 keybits to 256
18:58:39, 05 Aug 2016,Par change by username, ike 0 encalg to AES
18:58:26, 05 Aug 2016,GSM Registration On
18:58:16, 05 Aug 2016,GSM Registration Off
18:57:06, 05 Aug 2016,Par change by username, eroute 0 oosdelsa to On
18:57:06, 05 Aug 2016,Par change by username, eroute 0 enckeybits to 256
18:57:06, 05 Aug 2016,Par change by username, eroute 0 dhgroup to 2
18:57:06, 05 Aug 2016,Par change by username, eroute 0 autosa to 2
18:57:06, 05 Aug 2016,Par change by username, eroute 0 nosa to TRY
18:57:06, 05 Aug 2016,Par change by username, eroute 0 authmeth to
PRESHARED
18:57:06, 05 Aug 2016,Par change by username, eroute 0 proto to Off
18:57:06, 05 Aug 2016,Par change by username, eroute 0 IPCOMPalg to Off
18:57:06, 05 Aug 2016,Par change by username, eroute 0 ESPenc to AES
18:57:06, 05 Aug 2016,Par change by username, eroute 0 ESPauth to SHA1
18:57:06, 05 Aug 2016,Par change by username, eroute 0 AHauth to Off
18:57:06, 05 Aug 2016,Par change by username, eroute 0 mode to Tunnel
18:57:06, 05 Aug
255.255.255.0
18:57:06, 05 Aug
192.168.1.0
18:57:06, 05 Aug
255.255.255.0
18:57:06, 05 Aug
192.168.2.0
18:57:06, 05 Aug
94.255.234.251
18:57:06, 05 Aug
SRX
18:42:45, 05 Aug
18:41:01, 05 Aug
18:40:39, 05 Aug
18:39:53, 05 Aug
18:39:50, 05 Aug
18:39:14, 05 Aug
18:39:14, 05 Aug
18:39:14, 05 Aug
18:39:11, 05 Aug
18:39:11, 05 Aug
18:39:11, 05 Aug
18:39:11, 05 Aug
18:39:11, 05 Aug
18:39:11, 05 Aug
18:39:10, 05 Aug
18:39:06, 05 Aug
18:39:06, 05 Aug
18:39:06, 05 Aug
18:39:06, 05 Aug
18:39:00, 05 Aug
18:39:00, 05 Aug
2016,Par change by username, eroute 0 remmsk to

2016,Par change by username, eroute 0 remip to
2016,Par change by username, eroute 0 locmsk to
2016,Par change by username, eroute 0 locip to
2016,Par change by username, eroute 0 peerip to
2016,Par change by username, eroute 0 descr to Juniper
2016,WEB Login OK by username lvl 0
2016,Par change by username, eth 0 IPaddr to 192.168.2.1
2016,WEB Login OK by username lvl 0
2016,ETH 0 cable connect
2016,ETH 0 cable disconnect
2016,DNS Query Failed on [time.etherios.com]
2016,Default Route 0 Available,Activation
2016,PPP 1 up
2016,DNS Query Failed on [time.etherios.com]
2016,PPP 1 Start IPCP
2016,PPP 1 Start AUTHENTICATE
2016,PPP 1 Start LCP
2016,PPP 1 Start
2016,Modem connected on asy 5
2016,Modem dialing on asy 5 #:*98*1#
2016,Network technology changed to UMTS/HSDPA
2016,GSM Registration On
2016,GPRS Registration On
2016,GPRS Attachment On
2016,PPP 1 down,LL disconnect
2016,Modem disconnected on asy 5,18
Monitoring IKE SA
References
Release notes:
http://ftp1.digi.com/support/firmware/Digi%20TransPort%20Release%20Notes
%2052154.pdf
How to upgrade Firmware
http://knowledge.digi.com/articles/Knowledge_Base_Article/How-to-upgrade-the-firmwareon-a-Digi-TransPort-router-using-the-Web-interface/?
q=How+to+upgrade+the+firmware+on+a+Digi+TransPort+router+using+the+Web+interface
&l=en_US&c=Product_Category%3AEnterprise_Routers&fs=Search&pn=1

DigiTroubleshooting Friday Nodate

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

DigiTroubleshooting Friday Nodate

Hochgeladen von

Copyright:

Verfügbare Formate

Time past already since the last attempt to configure IPsec between Digibox and Juniper

After upgrade home screen:

nmap -sS -sU -p U:500,4500,6000,T:80,443 -Pn 94.225.234.251

Fresh boot after factory defaults.

Change Digi Network to 192.168.2.0/24 192.168.3.0

Enter APN Settings

IPSEc tunnel config

Configure Static Routes

19:35:55, 05 Aug 2016,IKE Request Received

19:30:05, 05 Aug 2016,(3) IKE Negotiation Failed. Peer: ,Retries Exceeded

2016,Par change by username, eroute 0 remmsk to

Das könnte Ihnen auch gefallen