12-15-2020 04:48 AM
I have an IPsec site-to-site VPN tunnel. After enabling tunnel monitor, the tunnel status is down although phase 1 and phase 2 are up.
12-15-2020 11:07 AM
If both phases are still showing green, the tunnel is actually up.
How did you set the monitoring profile? Have you tested pinging the remote IP for reachability before enabling tunnel monitoring?
Double check if your security policy allows pinging the remote IP, double check if there is a need for additional routes or proxy-IDs for the remote IP, and check if the IP is accepting ping (it may require a profile to be activated, or an ACL/security policy to be updated before you are able to ping it).
12-15-2020 12:04 PM
@Thyrion Thanks for your reply.
For the monitoring profile, it is configured as fail over,
and we can reach the peer tunnel IP before enabling tunnel monitor,
and there is a policy to allow ping.
But after enabling tunnel monitor, the status goes down for no reason,
and when we try to ping the peer tunnel IP at this time, the reply is Destination Host Unreachable.
12-15-2020 12:33 PM
The 'fail-over' action will bring down the tunnel when the remote peer is unavailable.
Do you have a backup tunnel to take over? If not, it is better to hold-wait, else the tunnel has no way of recovering from a fault.
Hold-wait will also allow you to troubleshoot your tunnel monitor as it will not kill the tunnel.
12-16-2020 12:23 AM
Yes, I have a backup, but I reach the peer when I disable the monitor; when I enable it, the peer is unreachable.
When I enable the monitor, the peer is unreachable but phase 1 & 2 are green.