Re: [nn] Monitoring of Juniper to Cisco VPN

[tami <deadboy@tox.mine.nu>]

Hi, just in case... 
<http://seclists.org/firewall-wizards/2002/Nov/0183.html>

I had to set these source-int and destination-ip when doing Juniper to Cisco 
and Juniper to racoon.  -tami



From: "Troy Coulombe" <TCoulombe@telecomsys.com>
Subject: Re: [nn] Monitoring of Juniper to Cisco VPN
Date: Fri, 26 Jan 2007 13:05:32 -0800
Message-ID: 
<8C837214C95C864C9F34F3635C2A657503FF6D9D@SEA-EXCHVS-2.telecomsys.com>

TCoulombe> Yea, unfortunately, that's only an option from a Juniper to Juniper 
[and
TCoulombe> works perfectly for J to J].  In fact, Juniper to Cisco, if you have
TCoulombe> this option enabled, the VPN will not come up [had opened a JTAC 
case to
TCoulombe> find this out the hard way]
TCoulombe> 
TCoulombe>  
TCoulombe> 
TCoulombe>  
TCoulombe> 
TCoulombe> -- 
TCoulombe> TroyC 
TCoulombe> c: 425.299.8305 
TCoulombe> d: 206.792.2356 
TCoulombe> 
TCoulombe> ________________________________
TCoulombe> 
TCoulombe> From: Joe Loiacono [mailto:jloiacon@csc.com] 
TCoulombe> Sent: Friday, January 26, 2007 11:37 AM
TCoulombe> To: Troy Coulombe
TCoulombe> Cc: nn@qorbit.net; nn-bounces@qorbit.net
TCoulombe> Subject: Re: [nn] Monitoring of Juniper to Cisco VPN
TCoulombe> 
TCoulombe>  
TCoulombe> 
TCoulombe> 
TCoulombe> There is a capability called 'vpnmonitor' (e.g., get vpn shows a
TCoulombe> 'monitor' option.) Maybe if you turn this on, it will keep something 
in
TCoulombe> the MIB. 
TCoulombe> 
TCoulombe> Joe
TCoulombe> 
TCoulombe> 
TCoulombe> 
TCoulombe> 
TCoulombe> "Troy Coulombe" <TCoulombe@telecomsys.com> 
TCoulombe> Sent by: nn-bounces@qorbit.net 
TCoulombe> 
TCoulombe> 01/26/2007 02:03 PM 
TCoulombe> 
TCoulombe> To
TCoulombe> 
TCoulombe> <nn@qorbit.net> 
TCoulombe> 
TCoulombe> cc
TCoulombe> 
TCoulombe>  
TCoulombe> 
TCoulombe> Subject
TCoulombe> 
TCoulombe> [nn] Monitoring of Juniper to Cisco VPN
TCoulombe> 
TCoulombe>  
TCoulombe> 
TCoulombe>  
TCoulombe> 
TCoulombe>  
TCoulombe> 
TCoulombe> 
TCoulombe> 
TCoulombe> 
TCoulombe> Trying to find the MIB [or _a method_ ] to know when a Juniper 
[local]
TCoulombe> to Cisco [remote] VPN is up or down. 
TCoulombe> 
TCoulombe> Using a MIB walker, we can't find anything that will tell us when the
TCoulombe> VPN is up/down... looking for the IKE state I guess... 
TCoulombe> 
TCoulombe> We have the VPN tied to a tunnel interface, however the tunnel 
interface
TCoulombe> being virtual, is always up. 
TCoulombe> 
TCoulombe> Thoughts?  Thanks. 
TCoulombe> 
TCoulombe> -- 
TCoulombe> 
TCoulombe> TroyC 
TCoulombe> 
TCoulombe> C: 425.299.8305 
TCoulombe> 
TCoulombe> D: 206.792.2356 
TCoulombe> 
TCoulombe>   
TCoulombe> 
TCoulombe> The information contained in this message may be privileged and/or
TCoulombe> confidential. If you are not the intended recipient, or responsible 
for
TCoulombe> delivering this message to the intended recipient, any review,
TCoulombe> forwarding, dissemination, distribution or copying of this 
communication
TCoulombe> or any attachment(s) is strictly prohibited. If you have received 
this
TCoulombe> message in error, please so notify the sender immediately, and 
delete it
TCoulombe> and all attachments from your computer and network. 
TCoulombe> 
TCoulombe>  _______________________________________________
TCoulombe> nn mailing list
TCoulombe> nn@qorbit.net
TCoulombe> http://qorbit.net/mailman/listinfo/nn
TCoulombe> 
_______________________________________________
nn mailing list
nn@qorbit.net
http://qorbit.net/mailman/listinfo/nn