{"id":299,"date":"2009-08-25T19:28:56","date_gmt":"2009-08-25T19:28:56","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2009\/08\/25\/netscreen-additional-site-2-site-vpn-options\/"},"modified":"2021-07-24T19:00:26","modified_gmt":"2021-07-24T19:00:26","slug":"netscreen-additional-site-2-site-vpn-options","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/netscreen-additional-site-2-site-vpn-options.html","title":{"rendered":"Netscreen – Additional Site 2 Site VPN Options"},"content":{"rendered":"

<h2>VPN Monitoring<\/h2>\n

<p>VPN Monitoring lets the firewall ping an IP address through the tunnel. If the tunnel goes down, an SNMP trap is generated. The settings can be found under “<strong>VPNs > AutoKey IKE > Edit > Advanced > VPN Monitor<\/strong>”.<\/p>\n

<p>The “<strong>rekey<\/strong>” option causes the Netscreen to continuously try to send ICMP down the tunnel, regardless of whether there are any valid SAs.
When the “<strong>optimized<\/strong>” option is enabled, the Netscreen treats any traffic passing through the tunnel as an indication that the tunnel is active, rather than sending ICMP pings.<\/p>\n

<p>When VPN Monitoring is used with route-based VPNs, the associated tunnel routes are disabled when the tunnel is classed as down. This allows traffic to be re-routed when a particular tunnel fails.<\/p>\n
<p>Using the “get sa” command, you can obtain the SA and Link status. This is shown under the “Sta” column (SA\/Link). If VPN Monitor is not enabled, you will see a dash for the Link status, such as (A\/-).<\/p>\n

<pre>ns5gt-> get sa
total configured sa: 1
HEX ID    Gateway         Port Algorithm     SPI      Life:sec kb Sta   PID vsys
00000002<   192.168.1.107  500 esp: des\/md5  ef1d1675  3549 unlim A\/U    -1 0
00000002>   192.168.1.107  500 esp: des\/md5  b41eba07  3549 unlim A\/U    -1 0<\/pre>\n

<h2>VPN Groups<\/h2>\n

<p>VPN Groups let you add a number of VPN gateways to a group. If one gateway fails, the traffic flow is sent through another gateway within the group.<\/p>\n

<p>Using IKE heartbeats and recovery attempts together with TCP SYN flag checking, the gateway can fail over to another gateway without any disruption to the traffic flow. To ensure that the other gateways can establish new tunnels on failover without the endpoints having to reconnect (i.e. without an initial SYN being required), you will need to apply the following setting: `<strong>unset flow tcp-syn-check-in-tunnel<\/strong>`<\/p>\n

<p>VPN Groups can be configured within “<strong>VPNs | AutoKey Advanced | VPN Groups<\/strong>”.<\/p>\n

<p><em>Note:<\/em> VPN Groups only support policy-based VPNs.<\/p>\n","protected":false},"excerpt":{"rendered":"

","protected":false},"yoast_head_json":{"author":"Rick Donato"}}