Palo Alto Networks Knowledgebase: Differences Between IPSEC and LSVPN Tunnel Monitoring

Differences Between IPSEC and LSVPN Tunnel Monitoring

Created On 09/27/18 11:00 AM - Last Updated 09/27/18 15:23 PM
VPNs
Resolution

Overview

This document explains the differences between normal IPSEC tunnel monitoring and LSVPN tunnel monitoring.

Details

IPSEC Tunnel Monitoring:

The tunnel monitor checks the specific IP address entered in the 'destination field'. ICMP echo requests are sent at specific intervals to check whether the specified destination is alive. If there is no response to the specified number of requests, the destination is considered unreachable and failover occurs.

LSVPN Tunnel Monitoring:

In contrast to IPSEC tunnel monitoring, the IP address given in the destination field is monitored by the satellite devices. If no IP is configured, the satellites will monitor the gateway's tunnel interface address.

The setting needs to be configured only on the gateways; it is automatically pushed to the satellites. If the primary gateway fails, traffic from the satellites is diverted to the secondary gateway.
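A small model of the LSVPN behaviour described above, added here as an illustration and not taken from Palo Alto Networks: it shows which address a satellite ends up monitoring and when it moves to the secondary gateway. The class and function names, addresses and echo results are constructed, and it assumes that only consecutive missed replies count toward the threshold.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass
class Gateway:
    name: str
    tunnel_interface_ip: str                   # gateway's tunnel interface address
    monitor_destination: Optional[str] = None  # 'destination field', may be empty


def satellite_monitor_target(gw: Gateway) -> str:
    # The satellite monitors the destination pushed by the gateway, or the
    # gateway's tunnel interface address when no IP is configured.
    return gw.monitor_destination or gw.tunnel_interface_ip


def first_failure(replies: Iterable[bool], threshold: int) -> Optional[int]:
    # 1-based probe number at which the target is declared unreachable,
    # or None. Assumption: only consecutive missed replies count.
    missed = 0
    for n, got_reply in enumerate(replies, start=1):
        missed = 0 if got_reply else missed + 1
        if missed >= threshold:
            return n
    return None


def active_gateway(gateways: List[Gateway], probes: Dict[str, List[bool]],
                   threshold: int) -> Tuple[Optional[str], Optional[str]]:
    # Try gateways in priority order; use the first whose target stays up.
    for gw in gateways:
        target = satellite_monitor_target(gw)
        if first_failure(probes[target], threshold) is None:
            return gw.name, target
    return None, None


# Constructed sample data: addresses and echo results are made up.
PRIMARY = Gateway("gw-primary", "10.255.0.1")  # no destination configured
SECONDARY = Gateway("gw-secondary", "10.255.0.2", "192.0.2.10")
PROBES = {
    "10.255.0.1": [True, False, True, False, False, False],
    "192.0.2.10": [True] * 6,
}

if __name__ == "__main__":
    print(satellite_monitor_target(PRIMARY))
    print(first_failure(PROBES["10.255.0.1"], threshold=3))
    print(active_gateway([PRIMARY, SECONDARY], PROBES, threshold=3))
```

A single dropped reply between two good ones does not trip the monitor in this model; only the run of three misses at the end of the primary's log does.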


owner: rrajendran


