Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

No IKE Phase 1 cookie for the remote VPN peer IP address when the command 'get ike cookie' is executed, but the VPN is up.

0

0

Article ID: KB9026 KB Last Updated: 11 Aug 2010Version: 3.0
Summary:
The VPN is up and active, but when the command get ike cookie is issued, there is no IKE Phase 1 cookie for the remote VPN peer IP address.
Symptoms:

The VPN is up and active, but when the command get ike cookie is issued, there is no remote VPN peer IP address in the output.


Solution:
This is caused when the IKE Phase 2 lifetime has been set to a longer duration than the Phase 1 lifetime.  The IKE Phase 1 lifetime needs to be longer then the IKE Phase 2 lifetime if the remote VPN peer IP address is to be seen in the output of the command get ike cookie.

By default:
  • the lifetime of IKE Phase 1 is 8 hours
  • the lifetime of IKE Phase 2 is 1 hour.

If the duration of the IKE Phase 2 lifetime is increased to a longer duration than the IKE Phase 1 (for example, if the IKE Phase 2 lifetime is set to 12 hours, but the IKE Phase 1 is kept at the default of 8 hours), then when the IKE Phase 1 negotiation times out, the information shown in the IKE Phase 1 is cleared. The command get ike cookie will not show the remote VPN peer IP address in the output.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search