Tunnel Monitoring

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Tunnel Monitoring

L4 Transporter

Hi Team,

I wanted to setup Tunnel Monitoring for the Dynamic IPSec tunnels. Peer end IPs are dynamic, we have around 5 to 6 VPNs that we need to monitor. I was going through the SK where it says for Tunnel monitoring, we need to have IP address configured on the tunnel interface used for the VPN. And even the Tunnel interface IP can be any dummy IP which is not in the network. But if we use dummy IP will it be able to ping the peer IP which we need to monitor? Also configuring dummy IP on tunnel interface will have any impact to the tunnel which is already up and running without any issues. Please suggest.

Regards,

Sanjay S

2 REPLIES 2

Cyber Elite
Cyber Elite

if you set your dummy ips to an appropriate subnet (e.g. 169.254.0.1/30 & 169.254.0.2/30) that will create a 'connected' route in your routing table and have monitor packets find their way to the remote end of the tunnel

adding tunnel IPs won't interfere with the existing tunnels

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Thank you @reaper i will try to set this up and get back to the thread in case if i face any issues.

  • 314 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!