Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] IPSec VPN roles - Responder or Initiator

0

1

Article ID: KB36262 KB Last Updated: 22 Oct 2020Version: 1.0
Summary:

For every VPN tunnel there is an Initiator device triggering the IKE negotiation and the Responder device accepting the first IKE exchange packets. Understanding the roles is helpful when troubleshooting VPN issues.

This article explains how to identify whether the gateway is acting as Responder or Initiator for the specific VPN.
Solution:

Identify the role with 'show security ike security-associations' as shown below:

root@Corporate> show security ike security-associations
Index   State  Initiator cookie  Responder cookie  Mode           Remote Address   
6695410 UP     4f61f68dcad7bd87  e3a72e5385d72fcc  Main           192.168.1.1     

root@Corporate> ...ity-associations index 6695410 detail                     
IKE peer 192.168.1.1, Index 6695410, Gateway Name: Gateway
  Role: Initiator, State: UP ==> Here
  Initiator cookie: 4f61f68dcad7bd87, Responder cookie: e3a72e5385d72fcc

If outputs are not seen under 'show security ike security-associations', then use the following methods to determine the roles:
  1. Check the equivalent output on peer side and verify the role of peer.
  2. If using Aggressive Mode VPN, the site with dynamic IP will be the Initiator.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search