request security re-distribution ipsec-vpn
Syntax
request security re-distribution ipsec-vpn gateway-name <gateway-name> fpc <fpc-number> pic <pic-number> [thread-id <tid>] [remote-id <rid>]
Description
Redistribute the tunnels that belongs to a Auto VPN or site-to-site gateway to a new processing unit.
This command migrates the tunnels only once and is valid only for 30 minutes, if the peer does not bring up the tunnel(s) immediately. After execution of the command, subsequent tunnels for the peer is established on the same FPC, PIC, and thread-id (only if specified).
In case of Auto VPN gateways, once the tunnels are brought down, it is expected that peer re-establishes the tunnel.
This command causes traffic disruption when used on an already established tunnel. If the command is used on a tunnel which is already anchored on the destination processing unit, it will not tear down the tunnel and re-establish it.
This feature is supported only on SRX5K-SPC3 (SPC3) card and in mixed-mode (SPC3 or SRX5K-SPC-4-15-320 (SPC2) cards).
When a tunnel goes down, you can use only the syslog to trace why a tunnel is anchored on a different processing unit.
If you want to migrate the tunnel back to the previous FPC or
PIC (that is, default profile), you can either redistribute the tunnel
again or run the clear security ike security-associations index SA-index-number command.
Options
| gateway-name gateway-name | Name of the gateway. |
| fpc fpc-number | FPC slot number (0..63). |
| pic pic-number | PIC slot number (0..3). |
| thread-id tid | (Optional) Thread ID number. Only valid for SPC3. (1..27) |
| remote-id rid | If you provide Auto VPN as a gateway, then it is mandatory to provide the remote-id. If you provide site-to-site as a gateway, then you need not provide the remote-id. |
Required Privilege Level
maintenance
Release Information
Command introduced in Junos OS Release 20.4R1.