Knowledge Search


×
 

[SRX] How do you enable the 'optimized' feature of VPN Monitor and what does it do?

  [KB10118] Show Article Properties


Summary:

When enabling the 'optimized' option of VPN monitor, existing traffic through the VPN is used for the monitoring packet, instead of using the VPN monitor ping, which would normally be sent.  This article shows how to enable the 'optimized' feature.


Symptoms:

How do you enable the 'optimized' feature of VPN Monitor and what does it do?


Cause:

Solution:

What does the 'optimized' feature do?

When VPN monitoring is enabled for a specific tunnel, the security device sends ICMP echo requests (or “pings”) through the tunnel at specified intervals (configured in seconds) to monitor network connectivity through the tunnel.

However, when the 'optimized' feature is selected, the VPN monitoring behavior changes as follows:

  • The SRX or J Series device accepts incoming traffic through the VPN tunnel as a substitute for ICMP echo replies.
  • If there is both incoming and outgoing traffic through the VPN tunnel, the SRX or J Series device suppresses VPN monitoring pings.
Note:  If you enable VPN monitoring optimization, be aware that VPN monitoring can no longer provide accurate SNMP statistics.


To enable the 'optimized' feature of VPN Monitor, use one of the following methods:

CLI:

root@srx#set security ipsec vpn <vpn-name> vpn-monitor optimized


 J-Web:

  1. Go To Configure > IPSec VPN > Auto Tunnel > Phase II
  2. Click the Add icon at the top right.
  3. Click the 'IPSec VPN Options' tab.
  4. Check the box 'Enable VPN monitor'
  5. Check the 'Optimized' box
  6. Optional:  Specify a 'Destination ip' and/or a 'Source interface'.
        For information on the usage of the Source Interface and Destination IP, consult KB10119 - Configuring the Source Interface and Destination IP options of VPN Monitor.




Related Links: