Device Level Manual Key VPN: Using VPN Rule Configuration Overview - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Configuring ScreenOS Devices Guide
Table 59: Monitor

VPN Monitor Status: Description

VPN Monitor: When enabled, the device sends ICMP echo requests (pings) through the tunnel at specified intervals (configurable in seconds) to monitor network connectivity (the device uses the IP address of the local outgoing interface as the source address and the IP address of the remote gateway as the destination address). If the ping activity indicates that the VPN monitoring status has changed, the device triggers an SNMP trap; VPN Monitor (in RealTime Monitor) tracks these SNMP statistics for VPN traffic in the tunnel and displays the tunnel status.

Rekey: When enabled, the device regenerates the IKE key after a failed VPN tunnel attempts to reestablish itself. When disabled, the device monitors the tunnel only when the VPN passes user-generated traffic (instead of using device-generated ICMP echo requests). Use the rekey option to:
- Keep the VPN tunnel up even when traffic is not passing through.
- Monitor devices at the remote site.
- Enable dynamic routing protocols to learn routes at a remote site and transmit messages through the tunnel.
- Automatically populate the next-hop tunnel binding table (NHTB table) and the route table when multiple VPN tunnels are bound to a single tunnel interface.

Optimized: This option appears only for devices running ScreenOS 5.x. When enabled, the device optimizes its VPN monitoring behavior as follows:
- Considers incoming traffic in the VPN tunnel as ICMP echo replies. This reduces false alarms that might occur when traffic through the tunnel is heavy and the echo replies cannot get through.
- Suppresses VPN monitoring pings when the tunnel passes both incoming and outgoing traffic. This can help reduce network traffic.

Source Interface and Destination IP: When configured, these options use VPN Monitoring when the other end of the VPN tunnel is not a security device. Specify the source and destination IP addresses.
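The monitoring behavior in Table 59, as an added sketch that is not ScreenOS or NSM code: a simplified Python model that compares default and optimized monitoring over a constructed timeline and records each status change that would raise an SNMP trap. The `threshold` of consecutive missed intervals, the `Interval` fields, and the `SAMPLE` timeline are assumptions of this example; the page does not specify them.

```python
from dataclasses import dataclass

@dataclass
class Interval:
    inbound: bool     # user traffic arrived through the tunnel
    outbound: bool    # user traffic left through the tunnel
    echo_reply: bool  # a monitoring ping sent in this interval would be answered

def run_monitor(timeline, optimized, threshold=3):
    """Return (traps, pings_sent) for one tunnel.

    threshold = consecutive missed intervals before the tunnel is declared
    down. It is an assumption of this sketch, not a value from the page.
    """
    up, misses, pings, traps = True, 0, 0, []
    for t, iv in enumerate(timeline):
        if optimized and iv.inbound and iv.outbound:
            alive = True   # ping suppressed: traffic is flowing both ways
        else:
            pings += 1     # device-generated ICMP echo request
            # Optimized mode counts inbound tunnel traffic as an echo reply.
            alive = iv.echo_reply or (optimized and iv.inbound)
        misses = 0 if alive else misses + 1
        new_up = (misses < threshold) if up else alive
        if new_up != up:   # status change -> SNMP trap
            up = new_up
            traps.append((t, "up" if up else "down"))
    return traps, pings

# Constructed timeline: idle tunnel, a heavy-traffic period in which echo
# replies are lost, a quiet period, then a real outage.
SAMPLE = (
    [Interval(False, False, True)] * 2     # idle, pings answered
    + [Interval(True, True, False)] * 4    # heavy two-way load, replies lost
    + [Interval(True, False, False)] * 2   # inbound only, replies lost
    + [Interval(False, False, True)] * 2   # idle, pings answered
    + [Interval(False, False, False)] * 3  # tunnel actually down
)

if __name__ == "__main__":
    for mode in (False, True):
        traps, pings = run_monitor(SAMPLE, optimized=mode)
        print("optimized" if mode else "default  ", "traps:", traps, "pings:", pings)
```

In this model the default mode reports a down/up flap during the heavy-traffic period, while the optimized mode reports only the real outage and sends fewer pings.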
Related Documentation
- Device Level Manual Key VPN: Using VPN Rule Configuration Overview on page 234
- Device Level L2TP VPN: Using L2TP Users Configuration Overview on page 235
- Device-Level Manual Key VPN: Using Routing-Based VPN Overview on page 231

Device Level Manual Key VPN: Using VPN Rule Configuration Overview

After you have configured the VPN on each device you want to include in the VPN, you can add a VPN rule to a security policy:
- For policy-based VPNs, you must add a VPN rule to create the VPN tunnel.
- For route-based VPNs, the VPN tunnel is already in place. However, you might want to add a VPN rule to control traffic through the tunnel.

For details on adding and configuring a VPN rule in a security policy, see "Adding VPN Rules to a Security Policy Overview" on page 237.

Copyright © 2010, Juniper Networks, Inc.