
Troubleshoot a Flapping VPN Tunnel

Problem

Description

Site-to-site VPN tunnel or remote IPsec VPN tunnel flapping (that is, going up and down in quick succession).

Diagnosis

  1. Does the issue affect only one VPN?

    • Yes: Check the system logs and proceed to Step 2. Use the show log messages command to view the logs. You must enable information-level logging for messages to be reported correctly.

      user@host # set system syslog file messages any info

      Here are examples of system logs reporting a flapping VPN tunnel:

      VPN up/down events:

      Unstable VPN behavior (VPN constantly rebuilding):

    • No: If the issue affects all configured VPNs, investigate errors on the Internet connection and on the SRX Series Firewall and switch interfaces. To check for errors on the SRX Series Firewall interfaces, run the show interfaces extensive command.

  2. Verify that VPN Monitor is enabled for this VPN by using the show configuration security ipsec vpn vpn-name command.

    Is VPN Monitor enabled?

    • Yes: Proceed to Step 3.

    • No: Proceed to Step 5.

  3. Disable VPN Monitor and check the VPN.

    Is the VPN stable?

    • Yes: The instability is related to the VPN Monitor configuration. Proceed to Step 4.

    • No: Proceed to Step 5.

  4. Is the remote VPN connection configured to block ICMP echo requests?

    • Yes: Reenable and reconfigure VPN Monitor to use the source interface and destination IP options. See KB10119.

    • No: Proceed to Step 5.

  5. Is the remote device that is connected to the SRX Series Firewall a non-Juniper device?

    • Yes: Verify that the proxy-id values configured on the SRX Series Firewall and on the peer VPN device match.

    • No: Proceed to Step 6.

  6. Was the VPN stable for a period of time and then started going up and down?

    • Yes: Investigate for network or device changes or whether any new network equipment has been added to the environment.

    • No: Collect site-to-site logs from the VPN devices at both ends and open a case with your technical support representative. See Data Collection for Customer Support.
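Step 1 relies on reading the up/down events out of the system log by eye. The following added example (not part of the Juniper page) does that check mechanically: it parses VPN up/down syslog lines, counts real state transitions per tunnel, and reports any tunnel that changes state at least a threshold number of times inside a sliding window, which also gives the onset time that Step 6 asks about. The sample lines are constructed in a simplified Junos-style layout, and the KMD_VPN_UP_ALARM_USER / KMD_VPN_DOWN_ALARM_USER tag names are assumed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (simplified Junos syslog layout); tag names assumed.
SAMPLE_LOG = """\
Mar  3 10:00:01 srx kmd[1352]: KMD_VPN_UP_ALARM_USER: VPN vpn-branch1 from 203.0.113.10 is up
Mar  3 10:00:45 srx kmd[1352]: KMD_VPN_DOWN_ALARM_USER: VPN vpn-branch1 from 203.0.113.10 is down
Mar  3 10:01:10 srx kmd[1352]: KMD_VPN_UP_ALARM_USER: VPN vpn-branch1 from 203.0.113.10 is up
Mar  3 10:01:55 srx kmd[1352]: KMD_VPN_DOWN_ALARM_USER: VPN vpn-branch1 from 203.0.113.10 is down
Mar  3 10:02:30 srx kmd[1352]: KMD_VPN_UP_ALARM_USER: VPN vpn-branch1 from 203.0.113.10 is up
Mar  3 10:05:00 srx kmd[1352]: KMD_VPN_UP_ALARM_USER: VPN vpn-branch2 from 198.51.100.7 is up
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kmd\[\d+\]: "
    r"KMD_VPN_(?P<state>UP|DOWN)_ALARM_USER: VPN (?P<vpn>\S+) "
)

def parse_events(log_text, year=2024):
    """Return [(timestamp, vpn_name, 'UP'|'DOWN')] for each VPN up/down line.
    Syslog lines carry no year, so one is supplied by the caller."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated syslog line, skip it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["vpn"], m["state"]))
    return events

def find_flapping(events, window=timedelta(minutes=5), threshold=3):
    """Return {vpn: onset_time} for tunnels that record at least `threshold`
    alternating up/down states inside any `window`-long span. Repeated
    identical states (e.g. two 'up' messages in a row) are not transitions."""
    by_vpn = defaultdict(list)
    for ts, vpn, state in sorted(events):
        hist = by_vpn[vpn]
        if not hist or hist[-1][1] != state:   # keep real transitions only
            hist.append((ts, state))
    flapping = {}
    for vpn, hist in by_vpn.items():
        times = [t for t, _ in hist]
        for i in range(len(times)):
            j = i + threshold - 1
            if j < len(times) and times[j] - times[i] <= window:
                flapping[vpn] = times[i]   # first moment the flapping began
                break
    return flapping

if __name__ == "__main__":
    for vpn, since in find_flapping(parse_events(SAMPLE_LOG)).items():
        print(f"{vpn}: flapping since {since:%b %d %H:%M:%S}")
```

On a real device, feed it the output of show log messages instead of SAMPLE_LOG; a tunnel that is reported only once (like vpn-branch2 above) is never flagged.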