VPN Monitoring Overview

SUMMARY Read this topic to know why it's important to monitor VPNs and learn about what Junos OS offers to monitor your VPNs.

VPN monitoring is an important feature in terms of having an uninterrupted channel for secure communication. You monitor the VPN to ensure seamless functioning of all the elements involved in secure channel establishment—the security associations, the endpoints, the tunnel etc. focusing on tracking the overall health of the VPN.

Let’s say, you have a VPN established between your SRX Series Firewalls, SRX1 and SRX2. You typically assume that the VPN works seamlessly without any issues. However, that's not the case in a real scenario. You may encounter the following issues related to the VPN tunnel between the two firewalls:

• You stopped receiving traffic from the remote peer—How do you know whether there're no clients trying to use the VPN tunnel or whether another firewall in the data path is blocking the traffic?

• Your tunnel is successfully established (IKE phase 1 and phase 2 are complete), but the remote VPN endpoint becomes unreachable—Does the firewall detect this problem and ensure that the tunnel state is updated if the peer becomes unreachable?

• What if you know that the remote VPN endpoint is reachable, but you also want to verify that a specific host on the remote network is also reachable?

• What if suddenly your VPN peers become unsynchronized?

The VPN monitoring techniques discussed in this topic can detect these problems.