Permanent/Monitored VPN tunnel(s) down for Juniper

Vendor

Juniper

Description

Some VPN tunnels are set to be permanent, or monitored, to ensure they are always up. Indeni will alert if such VPN tunnels are down.

Remediation Steps

Review the cause for the tunnels being down.

1. Areas to check for possible root cause:
a. Is the remote peer up or down?
b. Verify that the Phase I and Phase II configurations match on both ends.
c. Is a policy in place to allow the traffic?
d. NAT issues
e. Encryption domain
f. Routes
g. Firewall logs
2. Consider enabling debugging for more detailed information.
3. Review this article on Juniper tech support site: How to troubleshoot a VPN tunnel that is down or not active

How does this work?

The script runs the commands "show configuration security ike", "show configuration security ipsec", "show security ipsec inactive-tunnels" and "show security ipsec security-associations brief" to retrieve IPSec VPN related information.
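
The check described above can be sketched as follows. This is an added example, not Indeni's script: the sample command output is constructed, its column layout is an assumption modelled on typical Junos output, and the list of monitored gateways is passed in by hand rather than derived from the configuration.

```python
import re

# Constructed sample output (not captured from a real device); the column
# layout is an assumption modelled on typical Junos SRX output.
INACTIVE_SAMPLE = """\
  Total inactive tunnels: 1
  Total inactive tunnels with establish immediately: 1
  ID     Port  Nego#  Fail#  Flag      Gateway          Tunnel Down Reason
  131073 500   0      0      600a29    203.0.113.10     Config not ready
"""

SA_BRIEF_SAMPLE = """\
  Total active tunnels: 1
  ID    Algorithm       SPI      Life:sec/kb  Mon lsys Port  Gateway
  <131074 ESP:aes-cbc-256/sha256 d9a2b5a2 3388/ unlim U root 500 198.51.100.7
  >131074 ESP:aes-cbc-256/sha256 ac23df79 3388/ unlim U root 500 198.51.100.7
"""

INACTIVE_ROW = re.compile(
    r"^\s*(?P<id>\d+)\s+(?P<port>\d+)\s+\d+\s+\d+\s+\S+\s+"
    r"(?P<gateway>\S+)\s*(?P<reason>.*)$")
SA_ROW = re.compile(r"^\s*[<>](?P<id>\d+)\s+.*\s(?P<gateway>\S+)\s*$")

def parse_inactive(text):
    """Return one dict per row of 'show security ipsec inactive-tunnels'."""
    rows = []
    for line in text.splitlines():
        m = INACTIVE_ROW.match(line)
        if m:
            rows.append({"id": m["id"], "gateway": m["gateway"],
                         "reason": m["reason"].strip()})
    return rows

def active_gateways(text):
    """Return gateways that have at least one SA in the 'brief' output."""
    return {m["gateway"] for line in text.splitlines()
            if (m := SA_ROW.match(line))}

def tunnels_down(monitored, inactive_text, sa_text):
    """Map each monitored gateway (hand-supplied list) that is down to a reason."""
    inactive = {r["gateway"]: r["reason"] for r in parse_inactive(inactive_text)}
    active = active_gateways(sa_text)
    down = {}
    for gw in monitored:
        if gw in inactive:
            down[gw] = inactive[gw] or "listed as inactive"
        elif gw not in active:
            down[gw] = "no security association found"
    return down
```

A gateway that appears in neither output is still reported, so a monitored peer that has dropped out of both tables is not silently treated as healthy.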

Why is this important?

The IPSec VPN state can indicate whether the IPSec VPN has been correctly configured and whether the VPN is up or down.

Without Indeni how would you find this?

An administrator would not find out that the VPN is down until users report issues. The commands "show security ipsec inactive-tunnels" and "show security ipsec security-associations brief" will show the VPN status.
