Hello Guys,
I have a question about the tunnel monitor. I want to apply a tunnel monitor to keep up a S2S VPN that goes down when there is no traffic, but this has not been successful. In the CLI it is observed that packets are being sent and received, but the status is down.
Here is an example:
When I try to validate it on the traffic monitor or view it in real time using "show session all filter", no active session is observed, but if I ping between hosts manually, I can see the traffic.
Is this a normal behavior?
Any comments are good.
Regards.
I think that the IP 169.255.255.1 on the other side is allowed, because when I do a manual ping it does respond; in addition, in the traffic logs I see that said traffic leaves through the VPN and matches the security rule.
And you're sure their IP is allowing ping from that host, and that a route exists on the remote side into the tunnel for your 169.255 IP (and a policy, if the remote is a policy-based VPN)?
Tunnel monitors bypass normal security rules. Did you attach that IP to the tunnel interface or to a loopback?
Does the remote have a route back to it, or are you using NAT to hide it?
If you're relying on NAT, see if you can add a route to 169.255.255.1 on the remote end, as the monitor probe will not hit your NAT rules.
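As an added example, not part of the original thread or any poster's configuration, here is what the reply above describes in PAN-OS set commands: the monitor source address sits on the tunnel interface itself, the probe target (169.255.255.1 from the thread) is routed into the tunnel, and the peer routes the local tunnel-interface address back. The tunnel name S2S-TUNNEL, the tunnel.1 interface, the "vpn" zone, the local 169.255.255.2/30 address and the use of the predefined "default" monitor profile are all assumptions.

```text
# Local firewall, configure mode. S2S-TUNNEL, tunnel.1, zone "vpn" and
# 169.255.255.2/30 are assumed values, not taken from the thread.
set network interface tunnel units tunnel.1 ip 169.255.255.2/30
set network virtual-router default interface tunnel.1
set zone vpn network layer3 tunnel.1

# Bind the tunnel interface to the IPSec tunnel and enable the monitor.
# The probe is sourced from tunnel.1's address and is not subject to
# security policy or NAT, so it must be routed and answered as-is.
set network tunnel ipsec S2S-TUNNEL tunnel-interface tunnel.1
set network tunnel ipsec S2S-TUNNEL tunnel-monitor enable yes
set network tunnel ipsec S2S-TUNNEL tunnel-monitor destination-ip 169.255.255.1
set network tunnel ipsec S2S-TUNNEL tunnel-monitor tunnel-monitor-profile default

# Route the probe target into the tunnel (remote subnets are routed the same way).
set network virtual-router default routing-table ip static-route peer-monitor destination 169.255.255.1/32 interface tunnel.1

# Remote side, if it is also PAN-OS: it must route our tunnel-interface
# address back into its own tunnel interface. A NAT rule on our side
# does nothing for the probe, since the probe never matches NAT policy.
set network virtual-router default routing-table ip static-route local-monitor destination 169.255.255.2/32 interface tunnel.1

# Verify from operational mode: monitor state plus encap/decap counters.
show vpn flow name S2S-TUNNEL
```

If the peer is a policy-based VPN, its proxy-ID / crypto ACL also has to cover the two tunnel-interface addresses, otherwise the probe is dropped there even with the routes in place; and the peer has to actually answer ICMP on 169.255.255.1, which is what the manual ping in the thread was checking.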