VPN tunnel(s) down for Juniper

Vendor

Juniper

Description

Indeni will alert if one or more VPN tunnels are down.

Remediation Steps

Review the cause for the tunnels being down.

1. Run "show security ipsec inactive-tunnels" to review the inactive tunnels and the reason each tunnel is down.

2. Run "show security ipsec security-associations brief [detail]" to check if Phase 1 and Phase 2 are up.

3. Check the Phase 1 and Phase 2 configuration. Ensure they match on both ends.

4. Check whether an access list, policy or NAT rule is filtering the VPN traffic.

5. Check the routes to the remote peer.

6. Check the logs for messages about the VPN tunnel.

7. Consider enabling VPN monitoring for the tunnel status.

8. Consider setting traceoptions by running "set security ike traceoptions file vpn.tr size 5m files 5 world-readable" command for more detailed information.

9. Review the following articles on the Juniper tech support site: "How to troubleshoot a VPN tunnel that is down or not active" and "Understanding VPN Monitoring".

10. Contact Juniper Networks Technical Assistance Center (JTAC) if further assistance is required.

How does this work?

The script runs "show configuration security ike", "show configuration security ipsec", "show security ipsec inactive-tunnels" and "show security ipsec security-associations brief" to retrieve IPsec VPN related information.
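As an added illustration (not Indeni's script), the Python below shows one way to turn the output of the two "show security ipsec" commands into a list of tunnels that need attention. The sample output is constructed, and the column layout and the function names are assumptions.

```python
import re

# Constructed sample output, not captured from a device. The column layout
# is an assumption about the Junos format and may differ between releases.
INACTIVE = """\
  Total inactive tunnels: 2
  ID     Port  Nego#  Fail#  Flag      Gateway          Tunnel Down Reason
  131073 500   12     11     600a29    192.0.2.10       Lifetime expired
  131075 500   3      0      600a29    198.51.100.7     Cleared via CLI
"""
SA_BRIEF = """\
  Total active tunnels: 2
  ID    Algorithm       SPI      Life:sec/kb  Mon lsys Port  Gateway
  <131074 ESP:aes-cbc-256/sha256 8b9e5d0c 3392/ unlim - root 500 203.0.113.5
  >131074 ESP:aes-cbc-256/sha256 2a1f4c3e 3392/ unlim - root 500 203.0.113.5
  <131076 ESP:aes-cbc-256/sha256 5c77a210 120/ unlim - root 500 203.0.113.9
"""

# ID, Port, Nego#, Fail#, Flag, Gateway, then the free-text down reason.
INACTIVE_ROW = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(.*\S)\s*$")

def parse_inactive(text):
    """Return one dict per inactive tunnel row; header lines do not match."""
    rows = []
    for line in text.splitlines():
        m = INACTIVE_ROW.match(line)
        if m:
            rows.append({"id": m.group(1), "gateway": m.group(6),
                         "failures": int(m.group(4)), "reason": m.group(7)})
    return rows

def parse_sa_directions(text):
    """Map tunnel ID -> set of SA directions seen ('<' inbound, '>' outbound)."""
    seen = {}
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0][0] in "<>" and fields[0][1:].isdigit():
            seen.setdefault(fields[0][1:], set()).add(fields[0][0])
    return seen

def tunnels_needing_attention(inactive_text, sa_text):
    """Inactive tunnels, plus tunnels with an SA in only one direction."""
    alerts = [(r["id"], r["gateway"], r["reason"])
              for r in parse_inactive(inactive_text)]
    for tid, dirs in sorted(parse_sa_directions(sa_text).items()):
        if dirs != {"<", ">"}:
            alerts.append((tid, None, "SA present in one direction only"))
    return alerts

if __name__ == "__main__":
    for alert in tunnels_needing_attention(INACTIVE, SA_BRIEF):
        print(alert)
```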

Without Indeni how would you find this?

An administrator won't find out that the VPN is down until users report issues. The commands "show security ipsec inactive-tunnels" and "show security ipsec security-associations brief" will show the VPN status.
