You could use event-script which checks IPSec tunnel status every X mins and
if tunnel is down, write a custom syslog message/send a trap.
Rgds
Alex
- Original Message -
From: Derick Winkworth dwinkwo...@att.net
To: juni...@groupstudy.com; juniper-nsp@puck.nether.net
Sent: Saturday, August 15, 2009 2:21 PM
Subject: [j-nsp] Two IPSec questions...
Using next-hop style service-sets.
1) Is there any kind of observable event/log entry that occurs when a
plain IPSec tunnel goes down (remote endpoint has static IP)?
When a tunnel goes down at one site, we would like to redirect
traffic to another site that also has a tunnel to the same remote
network... RRI doesn't work for remote static IPs. Also you can not
have more than one ISAKMP access profile applied to a single public IP.
I cant seem to get the router to generate any kind of event when DPD
detects loss of peer.
2) Dynamic routing over IPSec using BGP... solutions (preferably
without GRE)?
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp