Only send IPSEC Tunnel notification if tunnel is down for a certain amount of time.

I have several IPSEC tunnels established with partners, which means I only control my side of the tunnel. What we are finding is that we are getting repeated up/down notifications for these tunnels that coincide with the rekey timing on the policies. We receive a down notification and then, almost instantly, receive an alert that the tunnel is back up.

Obviously this creates challenges in appropriately supporting these connections, given that it becomes exceedingly difficult to identify if a tunnel actually does go down as opposed to one of these simple up/down hops.

I've tried playing with some of the rekey margins on my side, but it doesn't appear that modifications seem to resolve the issue and, as mentioned, I only support my side of the tunnel, so it's hard to get time with the other side to troubleshoot something that doesn't actually impact performance and is merely an alert situation.

My question is, is there a way to limit alerts only to tunnels that have been down for X minutes? That way if a tunnel drops and immediately returns it would not generate a false positive.
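The hold-down behaviour asked about above can be applied to the notification stream outside the firewall; the following is an added example, not code from this thread or from Sophos. The `debounce` function, the `(time, tunnel, state)` event tuples and the tunnel names are assumptions made for illustration, and the sample events are constructed.

```python
from datetime import datetime, timedelta

def debounce(events, hold_down, now):
    """Return (time, tunnel, message) alerts for tunnels down >= hold_down.

    events: iterable of (datetime, tunnel_name, "up" | "down"), in time order.
    now:    evaluation time, used for tunnels still down when the input ends.
    """
    down_since = {}   # tunnel -> time of the first unanswered "down"
    alerted = set()   # tunnels for which a DOWN alert has been raised
    alerts = []

    def flush(until):
        # Raise DOWN for every tunnel whose hold-down has expired by `until`.
        for tunnel, since in sorted(down_since.items(), key=lambda kv: kv[1]):
            if tunnel not in alerted and until - since >= hold_down:
                alerted.add(tunnel)
                alerts.append((since + hold_down, tunnel, "DOWN"))

    for ts, tunnel, state in events:
        flush(ts)
        if state == "down":
            down_since.setdefault(tunnel, ts)   # repeated "down" keeps first time
        elif state == "up":
            # A quick down/up pair (rekey flap) is dropped silently; a recovery
            # is reported only if the matching DOWN alert was actually sent.
            if down_since.pop(tunnel, None) is not None and tunnel in alerted:
                alerted.discard(tunnel)
                alerts.append((ts, tunnel, "RECOVERED"))
    flush(now)
    return alerts

def T(hms):
    return datetime.fromisoformat("2024-01-01T" + hms)  # constructed date

SAMPLE_EVENTS = [  # constructed events, not real firewall log output
    (T("10:00:00"), "partner-a", "down"),   # rekey flap, back up in 2 seconds
    (T("10:00:02"), "partner-a", "up"),
    (T("10:05:00"), "partner-b", "down"),   # real outage lasting 15 minutes
    (T("10:20:00"), "partner-b", "up"),
    (T("10:30:00"), "partner-a", "down"),   # still down at evaluation time
]

if __name__ == "__main__":
    for when, tunnel, msg in debounce(SAMPLE_EVENTS, timedelta(minutes=5), T("10:40:00")):
        print(when.isoformat(), tunnel, msg)
```

With a five-minute hold-down the rekey flap on `partner-a` produces no alert, while the two sustained outages each raise a single DOWN alert five minutes after the tunnel dropped.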


