How to monitor ISP links

Hi all,

I successfully use ISP redundancy with a VPN between two sites, in active/passive mode. Right now, the 2 links only monitor their respective next hop. I recently had a failure of the primary ISP, but the failure was somewhere on the backbone of the ISP, so Check Point didn't notice the link was down - I had to unplug the primary link to have the secondary take over.

I am now planning to add hosts to the list of monitored hosts, for each ISP. It occurred to me that the best host to monitor would be the distant Check Point gateway. It means, if I can ping the distant gateway, it will be available for VPN. I have configured it on the secondary link, in order to test it. Well, it fails. The answer is in SmartView Tracker: "encryption failure: Clear text packet should be encrypted". It means, the ping packets are sent by the secondary link, so they are not encrypted -> the receiving Check Point gateway drops them because they originate from a gateway to which there is a VPN.

Is there a way to allow unencrypted traffic between the gateways? I mean, I want to have all the networks behind each gateway be encrypted between the gateways, but I can't find a way to have all the traffic between the gateways not be encrypted when they use their respective public IP addresses...

Does anyone have an idea?