I'm trying to use VPN-monitor to improve the reliability of a VPN connection from our SRX210 to a Gnatbox at another site. I can ping OK when logged onto the SRX, but the vpn-monitor brings down the VPN. I am running with the default vpn-monitor-options and every time, 110 seconds after the VPN comes up, it is pulled down, renegotiated and comes back up again.
I can't understand why vpn-monitor thinks the VPN is down and there doesn't seem to be any logging to help me find out.
VPN monitor works best between Juniper devices. Devices from other manufacturers may not respond to the VPN monitor keep-alive packet, so the SRX will think that the VPN has failed and re-initiate the connection. If you turn off the VPN monitor, do you get better stability?
With vpn-monitor turned off the stability is pretty good, but given the nature of the traffic the stability would need to be excellent. I could really do with some logging as well so I can report on VPN uptime and functionality.
Since vpn-monitor is just pinging the remote end and I can do the ping manually, there must be something going on inside Junos that is mucking it up.