Using GRE keep alive to check the status of Route-based Tunnels

You can optionally use GRE keep alive to check that Route-based Tunnels of the GRE tunnel type are still functioning.

When GRE keep alive is enabled, the Security Engine sends keep alive packets at the specified interval. If no reply is received after the specified number of packets, the GRE tunnel is considered to be down.

You can enable and configure GRE keepalive in the properties of tunnel interfaces on Security Engines and in the properties of Route-Based Tunnel elements. When you enable GRE keepalive for a tunnel interface on an Security Engine, GRE keepalive is used in all GRE Route-based Tunnels where the tunnel interface is an endpoint. Enabling GRE keepalive for individual Route-based Tunnels overrides the default settings defined for the tunnel interface on the Security Engine.

To use GRE keepalive, your environment must meet these requirements:

• The router to which the Security Engine is connected must support GRE keepalive.
• No Encryption must be selected for the Encryption option in the properties of the tunnel interface or Route-based Tunnels element.