If phase 1 negotiation is timing out on your SRX, the cause may be that IKE is missing from the host-inbound-traffic system-services of the zone.
Here is a typical error:
Jan 01 12:00:00 Phase-1 negotiation failed with error Timeout for p1_local=ipv4(udp:500,[0..3]=192.0.2.1) p1_remote=ipv4(udp:500,[0..3]=198.51.100.1)
A broken config will look like this – notice the lack of IKE.
root@srx> show configuration security
security {
    zones {
        security-zone untrust {
            address-book {
                address 10.0.0.0/24 10.0.0.0/24;
                address 10.0.1.0/24 10.0.1.0/24;
            }
            host-inbound-traffic {
                system-services {
                    ping;
                    ssh;
                }
            }
            interfaces {
                fe-0/0/2.0;
                st0.0;
            }
        }
    }
}
Note the lack of IKE on host-inbound-traffic. Here is how you fix it.
root@srx# set security zones security-zone untrust host-inbound-traffic system-services ike
Here is the updated config:
root@srx> show configuration security
security {
    zones {
        security-zone untrust {
            address-book {
                address 10.0.0.0/24 10.0.0.0/24;
                address 10.0.1.0/24 10.0.1.0/24;
            }
            host-inbound-traffic {
                system-services {
                    ping;
                    ssh;
                    ike;
                }
            }
            interfaces {
                fe-0/0/2.0;
                st0.0;
            }
        }
    }
}
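To run the same check across a saved configuration instead of reading it by eye, here is an added example (not part of the original post) that parses the curly-brace output and lists every zone interface where inbound IKE is not permitted. The function names are hypothetical and the sample config is constructed; it assumes an interface-level system-services stanza overrides the zone-level one and that `all` or `any-service` also admits IKE.

```python
import re

# Constructed sample mirroring the broken config above (address-book omitted).
SAMPLE = """
security { zones { security-zone untrust {
    host-inbound-traffic { system-services { ping; ssh; } }
    interfaces { fe-0/0/2.0; st0.0; }
} } }
"""

def parse(text):
    """Parse curly-brace Junos config into nested dicts; leaf statements map to None."""
    root = node = {}
    stack, words = [], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":
            stack.append(node)
            node = node.setdefault(" ".join(words), {})
            words = []
        elif tok == "}":
            node = stack.pop()
        elif tok == ";":
            node[" ".join(words)] = None
            words = []
        else:
            words.append(tok)
    return root

def permits_ike(scope):
    """True/False if this scope lists system-services, None if it lists none."""
    hit = (scope or {}).get("host-inbound-traffic") or {}
    if "system-services" not in hit:
        return None
    return bool({"ike", "all", "any-service"} & set(hit["system-services"] or {}))

def zones_in(node):
    """Yield (name, stanza) for every security-zone at any depth."""
    for key, child in node.items():
        if isinstance(child, dict):
            if key.startswith("security-zone "):
                yield key.split(None, 1)[1], child
            else:
                yield from zones_in(child)

def ike_blocked(text):
    """Return sorted (zone, interface) pairs where inbound IKE is not permitted."""
    blocked = []
    for zone, body in zones_in(parse(text)):
        zone_ok = permits_ike(body)
        for ifname, ifbody in (body.get("interfaces") or {}).items():
            ok = permits_ike(ifbody)
            if not (zone_ok if ok is None else ok):
                blocked.append((zone, ifname))
    return sorted(blocked)
```

Only the interface that terminates IKE needs the service; in the sample that is fe-0/0/2.0, while st0.0 is the tunnel interface.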