Anthony Fajri

I am The Story of This Blog

Manually Force Netscreen to Renegotiate Phase 1 Proposal for IPSec Tunneling

Last week, I sent this email to j-nsp mailling list. But since I got no reply, so I put it here. Hope someone there can help :)

Hi All,

Last time, I got some problem when implementing IPSec tunneling (in hub & spoke topology).
one of my site got unstable vpn link.
the log showed that the link is up and down, without any other error log.
I followed this step: http://kb.juniper.net/KB9488, but didn’t help.

If the vpn was down, I can bring it up just by restarting the netscreen. of course this is not a good practice.
but at the time, this action (restarting the netscreen) shows that nothing wrong with the configuration.

and the condition when the link was flapping is:
- latency is good
- when the link is up, throughput is also good
- we use ADSL link (no public IP for netscreen, so the untrust interface is using private IP) for the spoke, and dedicated link for the hub (6 mbps)
- we also has another link using ADSL, and we didn’t face any problem in the link.

then we suspect that the problem is in WAN link.
and we solve the problem after replacing the ADSL modem in the remote site.
seems like the quality of ADSL modem is not that good.

I then questioned myself, how to manually force the netscreen to renegotiate phase 1 proposal?
So if the same problem happen, I don’t need to restart the netsreen.
(that time was the 2nd time I bring up the vpn link just by restarting the netscreen).

ps:
- I use default heartbeat
- sometime, sending data thought the vpn link (although at the time the vpn link was down) can bring up the vpn tunnel, but it doesn’t guarantee that the vpn link goes up immediately, so this also doesn’t help (for my case)
- i configure vpn monitor (pinging the trust interface of spoke netscreen from trust interface of hub netscreen), but also didn’t work

So, does anyone know how to force the netscreen to renegotiate the ipsec proposal (phase 1 and phase 2)?

Thanks for the reply

Regards,


Anthony Fajri
http://fajri.freebsd.or.id

November 3rd, 2007 Posted by Anthony Fajri| Juniper | 2 comments

Biomedical Engineering

Biomedical engineering (BME) is the application of engineering principles and techniques to the medical field. It combines the design and problem solving skills of engineering with the medical and biological science to help improve patient health care and the quality of life of healthy individuals. Wikipedia.

I was graduated from Electrical Engineering Department, Institute of Technology Bandung, Indonesia. My major was Biomedical Engineering.

I had to decide the major I took at my 2nd year. Then at the 3rd year (or 5th semester), I need to attend several biomedical class. Frankly, it was one of my mistake to take biomedical engineering. hahahahha.

One thing I remember about biomedical engineering class is: In the beginning of the class, we studied (well, actually was doctrined) about definition of biomedical engineering.

Biomedical Engineering (Teknik Biomedika) is a multidisciplinary field, involving various engineering, scientific and technological methods to solve problems in biology & medicine for the improvement of the community health-care. This is a growing field that continues to significantly contribute on health-care. Biomedical systems provide supports the medical professionals in conducting the medical procedures, which include: collecting of data/information, analysis, diagnosis, and therapy. Overview

But, I’m happy to take biomedical engineering, and I’m proud of it.

November 3rd, 2007 Posted by Anthony Fajri| personal | no comments

Indonesian Blogger