[NFX] Route not listed in route forwarding-table of IPSec-NM

  [KB33626]


Summary:

After adding route configuration to IPSec Network Manager (IPSec-NM), users may find that a route is missing from the forwarding table, that the forwarding table is empty, or that the forwarding table itself is missing.

This article explains how to troubleshoot the issue.

Symptoms:

The following symptoms are observed:

  • Unable to pass traffic via IPSec-NM

  • Unable to establish VPN via IPSec-NM

  • srxpfe daemon is not running on IPSec-NM

  • Deactivating and then activating IPSec-NM did not help

Cause:

The route forwarding table can be missing or empty when the srxpfe or monit daemon is not running.

Solution:

Verify that the srxpfe or monit daemon is running. You can check this by running the following command in the ipsec-nm shell:

ps aux | grep srxpfe

The following is an example of ipsec-nm where srxpfe is running:

root@ipsec-nm%ps aux | grep srxpfe
root        94 15.2  0.9 2262256 147124 ?      Sl   Apr23 237:14 /usr/sbin/srxpfe -a -d
root      6692  0.0  0.0   4400   396 pts/0    S+   00:23   0:00 grep srxpfe
root@ipsec-nm%
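
The check above can be scripted so that the `grep srxpfe` line in the output is never mistaken for the daemon itself. The following is an added example, not part of the original article or a Juniper tool; it assumes a POSIX sh and awk are available, that the monit daemon appears under the process name `monit`, and the monit line in the sample data is constructed.

```shell
#!/bin/sh
# Added example: report whether the daemons named in this article are running.
# Assumption: the command starts at column 11 of `ps aux`, as in the sample output.

# daemon_running NAME: reads `ps aux` text on stdin; returns 0 if a process whose
# executable basename is NAME is listed. Matching the command column (not the
# whole line) means the "grep srxpfe" process never counts as a hit.
daemon_running() {
    awk -v name="$1" '
        $1 == "USER" { next }                 # skip the header line
        {
            n = split($11, parts, "/")        # basename of the executable
            if (parts[n] == name) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# check_ipsec_nm PS_TEXT: checks srxpfe and monit in a `ps aux` snapshot.
check_ipsec_nm() {
    snapshot=$1
    missing=""
    for d in srxpfe monit; do
        printf '%s\n' "$snapshot" | daemon_running "$d" || missing="$missing $d"
    done
    if [ -n "$missing" ]; then
        echo "NOT running:$missing"
        return 1
    fi
    echo "srxpfe and monit are running"
}

# Sample data: the srxpfe and grep lines are from the article; the monit line is constructed.
SAMPLE_OK='root        94 15.2  0.9 2262256 147124 ?      Sl   Apr23 237:14 /usr/sbin/srxpfe -a -d
root       101  0.0  0.1   12345   2048 ?      Sl   Apr23   0:12 /usr/bin/monit
root      6692  0.0  0.0   4400   396 pts/0    S+   00:23   0:00 grep srxpfe'
# Constructed failure case: only the grep process itself matches "srxpfe".
SAMPLE_GREP_ONLY='root      6692  0.0  0.0   4400   396 pts/0    S+   00:23   0:00 grep srxpfe'

# Run against the live process table only when asked: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    check_ipsec_nm "$(ps aux)"
fi
```

A non-zero exit status from `check_ipsec_nm` corresponds to the condition described in the Cause section.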

Unfortunately, if the srxpfe process is NOT running on the IPSec-NM, the only resolution is to reboot the NFX device.

Note: If you deactivate/activate IPSec-NM from the Juniper Device Manager (JDM), you will see a core dump on IPSec-NM, and the srxpfe daemon will not start. You will have to reboot the entire NFX. This is a known product limitation.

Modification History:
2019-08-02: added deactivate / activate note to solution section