DescriptionSome VPN tunnels are set to be permanent, or monitored, to ensure they are always up. Indeni will alert if such VPN tunnels are down.
Remediation StepsReview the cause for the tunnels being down.
1. Areas to to check for possible root cause:
a. is the remote peer up or down?
b. verify that Phase I and Phase II configuration match on both ends
c. is policy in place to allow traffic?
d. NAT issues
e. encryption domain
g. firewall logs.
2. Consider enabling debugging for the detailed information. |
3. Review this article on Juniper tech support site: How to troubleshoot a VPN tunnel that is down or not active
How does this work?The script runs "show configuration security ike, show configuration security ipsec, show security ipsec inactive-tunnels, show security ipsec security-associations brief" to retrieve IPSec VPN related information.
Why is this important?The IPSec VPN state can indicate whether the IPSec VPN has been correctly configured and whether the VPN is up or down.
Without Indeni how would you find this?An administrator won't find the VPN being down until the users report issues. "show security ipsec inactive-tunnels, show security ipsec security-associations brief" will show the VPN status.
View Source Code