SRX Services Gateway
Highlighted
SRX Services Gateway

VPN monitor incorrectly brings down VPN

‎03-02-2011 05:20 AM

I'm trying to use VPN-monitor to improve the reliability of a VPN connection from our SRX210 to a Gnatbox at another site. I can ping ok when logged onto the SRX but the vpn-monitor brings down the VPN. I am running with the default vpn-monitor-options and every time, 110 seconds after the VPN comes up it is pulled down, renegotiated and comes back up again.

I can't understand why vpn-monitor thinks the VPN is down and there doesn't seem to be any logging to help me find out.

Can anyone help me shed some light on this?

3 REPLIES 3
Highlighted
SRX Services Gateway

Re: VPN monitor incorrectly brings down VPN

‎03-02-2011 10:00 PM

VPN monitor works best between Juniper devices. Devices from other manufacturers may not respond to the VPN monitor keep-alive packet, so the SRX will think that the VPN has failed and re-initiate the connection. If you turn off the VPN monitor do you get better stability?

Highlighted
SRX Services Gateway

Re: VPN monitor incorrectly brings down VPN

‎03-03-2011 03:00 AM

With vpn-monitor turned off the stability is pretty good but given the nature of the traffic the stability would need to be excellent. I could really do with some logging as well so I can reported on vpn uptime and functionality.

 

Since vpn-monitor is just pinging the remote end and I can do the ping manually there must be something going on inside junos that is mucking it up.

Highlighted
SRX Services Gateway

Re: VPN monitor incorrectly brings down VPN

‎03-03-2011 07:29 AM

I have expierenced the same issue, when I just turn on vpn monitor it manges to constantly make the tunnel go up and down

 

I managed to fudge it by

 

Even though I cant ping the destination ip from that interface the tunnel stays up

Feedback