One of the best ways I've found to monitor VPN tunnels is not to try to directly monitor the up/down status of the tunnel according to the device terminating the tunnel but instead to monitor an infrastructure node on the other end of the tunnel so you can tell if real traffic can successfully traverse the tunnel. This tends to be a more accurate representation of the tunnels health. It works in most deployment scenarios but not all. Does it apply to yours?
↧