11-17-2017 11:07 AM - edited 03-05-2019 09:30 AM
Hello everyone,
Looking for some help with this odd issue. At our datacenter we are running a Juniper SRX and we are running 2xCisco CSR's running IOS-XE code. We have ipsec tunnels running from the srx to each of the csr's.
On csr1, bgp over the ipsec tunnel is up and running fine.
On csr2, the bgp session keeps flapping with Hold Time expired messages. The bgp configuration on both csrs is exactly the same. The session establishes and then just never receives a keepalive to keep the session alive.
The ipsec does not drop when the bgp session flaps. Also when the bgp session flaps I can still telnet to port 179 on the remote router.
Any idea what could be causing this?
11-17-2017 12:47 PM
Some more info:
Seems like the srx is not sending any additional keepalive packets after the initial 2 keepalives when the session first gets established thus the hold timer expires and the session goes down.
Any thoughts as to why the srx would stop sending keepalives?
11-17-2017 01:00 PM
This is most probably an MTU issue. Please refer to the following document.
Regards,
08-09-2022 06:59 AM
Hello @thetrainerx
I know this post is old but I'm also trying to configure VPN between Juniper and Cisco with BGP. Could you please share example config for Juniper VPN with BGP.
Thank you.
Isac
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide