Statement introduced in Junos OS Release 8.5. verify-path keyword and destination-ip added in Junos OS Release 15.1X49-D70. packet-size option added in Junos OS Release 15.1X49-D120.
Configure settings for VPN monitoring.
Because ICMP echo requests are only sent when needed to determine peer liveliness, VPN monitoring optimization can save resources on the SRX Series device. Also, ICMP echo requests can activate costly backup links that would otherwise not be used.
This option is disabled by default.
destination-ip ip-address—Original, untranslated IP address of the peer tunnel endpoint that is behind a NAT device. This IP address must not be the NAT translated IP address. This option is required if the peer tunnel endpoint is behind a NAT device. The verify-path ICMP request is sent to this IP address so that the peer can generate an ICMP response.
packet-size bytes—(Optional) The size of the packet that is used to verify an IPsec datapath before the st0 interface is brought up. The packet size must be lower than the path maximum transmission unit (PMTU) minus tunnel overhead. The packet used for IPsec datapath verification must not be fragmented. The range of the packet size is 64 to 1350 bytes and the default packet size value is 64 bytes
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.