Text Size:        

• Ask the KB
• Find answers in our KB
  
  Example: "Configure BGP"
  
• KB Article Feedback
• This article was easy to understand:

  Strongly Agree
  Agree
  Neutral
  Disagree
  Strongly Disagree
  

  This article was complete and accurate:

  Strongly Agree
  Agree
  Neutral
  Disagree
  Strongly Disagree
  

  How best can we improve this article?:

  
  

  What is your overall rating on this article?:

  Excellent
  Good
  Neutral
  Poor
  Very Poor
  

How do you enable the Optimized feature of VPN Monitor and what does it do? (KB ID: KB9522)

Back to Previous Page | Knowledge Base Home

Article URL

http://kb.juniper.net/KB9522

Synopsis

When enabling optimization, existing traffic through the VPN is used for the monitoring packet, instead of using the VPN monitor ping, which would normally be sent.  How is Optimization enabled and how is it used? 

Problem

How do you enable the Optimized feature of VPN Monitor and what does it do?

   

Solution

To enable the Optimized feature of VPN Monitor:

From the WebUI:

• Click on VPNs > AutoKey IKE
• Find the AutoKey IKE for the tunnel in question and click Edit.
• Click on the Advanced button.
  The VPN Monitor configuration is at the bottom of the page.  The Optimized feature is enabled with a check box.
  
  

   
  

  
  
  For information on Source Interface and Destination IP, consult KB9503 - Configuring the Source Interface and Destination IP options of VPN Monitor

From the CLI,

• Enter the following command:
  
  set vpn <vpnname> monitor optimized [rekey]

 

What is the Optimized feature used for?

When you enable VPN monitoring for a specific tunnel, the security device sends ICMP echo requests (or “pings”) through the tunnel at specified intervals (configured in seconds) to monitor network connectivity through the tunnel.

When Optimized is selected, the VPN monitoring behavior changes as follows:

• The Juniper firewall device accepts incoming traffic through the VPN tunnel as a substitute for ICMP echo replies.
• If there is both incoming and outgoing traffic through the VPN tunnel, the device suppresses VPN monitoring pings.
  
  If you enable VPN monitoring optimization, be aware that VPN monitoring can no longer provide accurate SNMP statistics.
  

 If you upgrade from ScreenOS 4.x to ScreenOS 5.x and find the VPN tunnels are marked down by VPN monitor, it is recommended that you enable the Optimized feature of VPN Monitor.

 

 

Category Description

By Product » Hardware » Firewalls
By Product » Software » Network Operating Systems » ScreenOS Software

Purpose

Troubleshooting

Related Articles

Related Links

• KB9488 - How to troubleshoot a VPN tunnel that is going up and down

Related Files