Juniper SRX防火墙IPSec SA Lifetime showing "expired"

最新推荐文章于 2024-08-17 17:43:06 发布

weixin_33716941

最新推荐文章于 2024-08-17 17:43:06 发布

阅读量392

点赞数

原文链接：http://blog.51cto.com/handsomelbl/1136828

版权

netscreen@SRX3600> show security ipsec security-associations
Total active tunnels: 1
ID    Gateway          Port Algorithm       SPI      Life:sec/kb Mon vsys
<86769665 10.200.51.202 500 ESP:3des/sha1   4b9f0aa9 expir/expir   -   root
>86769665 10.200.51.202 500 ESP:3des/sha1   743ca5f3 expir/expir   -   root

解决方法：

netscreen@SRX3600# set groups global system processes ntp enable
netscreen@SRX3600# set groups global system ntp boot-server 123.146.124.27
netscreen@SRX3600# set groups global system ntp server 123.146.124.27
netscreen@SRX3600# set system ntp
netscreen@SRX3600# set security zones security-zone untrust host-inbound-traffic system-services ntp

完成后重启防火墙：

netscreen@SRX3600> request system reboot

再次查看IPSec SA Lifetime：

netscreen@SRX3600> show security ipsec security-associations
Total active tunnels: 1
ID    Gateway          Port Algorithm       SPI      Life:sec/kb Mon vsys
<86769665 10.200.51.202 500 ESP:3des/sha1   4b34955f 3195/ unlim   -   root
>86769665 10.200.51.202 500 ESP:3des/sha1   1c39b7c4 3195/ unlim   -   root

查看IKE SA也有输出了：

netscreen@SRX3600> show security ike security-associations
Index   Remote Address State Initiator cookie Responder cookie Mode
2474320938 10.200.51.202 UP    30701f305ab6d1a7 0277d0c4d1f15e36  Aggressive

转载于:https://blog.51cto.com/handsomelbl/1136828