When should I use IKE Heartbeat and when should' I use VPN Monitor
IKE heartbeat is generally used for policy-based tunnel detection and failover.' VPN monitor is generally used to detect and report that the VPN is down, and for re-connecting a tunnel for route-based VPNs.'
IKE heartbeats are based on a' Lucent-defined enhancement for IKE to detect tunnel availability.' VPN monitor uses ICMP echo/response.
Both methods accomplish the same thing, to detect a tunnel outage.' Both will bring up the tunnel automatically when there is no traffic.
IKE heartbeats came first and are mainly used for VPN groups which are used in policy-based tunnels for tunnel failover.' Both ends of the tunnel must support IKE heartbeats to be used.
VPN monitor was originally designed to report VPN outage via SNMP and to the log events.' It was later enhanced to provide the tunnel re-connect feature that IKE heartbeat had, but more functional for route-based tunnels.' If VPN Monitor detects a tunnel down, it can mark the virtual tunnel interface as down, bringing all associated routes down (or indicating to the dynamic routing protocol to drop routes, similar to pulling a cable and bringing the layer 2 link state down on a physical interface).' ICMP is used as a probe for VPN Monitor for better interoperability with other vendors.