Site to Site VPN Connection Event Monitoring

The site-to-site VPN connection event lets you see whether the VPN encrypts or decrypts a connection and helps you troubleshoot connectivity issues, especially in multi-hop VPN deployments. The event dashboard of the Firewall Management Center displays the IP address of the VPN peer (the peer's IKE address) that encrypts or decrypts the traffic and displays the VPN action as follows:

  • If the connection is decrypted by the VPN, the column Decrypt Peer displays the IP address of the peer from which the flow was received, and the VPN action is Decrypt.

  • If the connection is encrypted by the VPN, the column Encrypt Peer displays the IP address of the VPN peer to which the flow is sent, and the VPN action is Encrypt.

  • If the VPN server cascades the connection, the flow is decrypted on one tunnel and re-encrypted on another tunnel. In this case, both the Encrypt Peer and Decrypt Peer IP addresses appear in the event. The column VPN Action displays VPN Routing to indicate that the connection transits through the VPN server.
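
The three cases above can be turned into a small audit over exported connection events. The following is an added example, not FMC code or an FMC export format: the field names and the sample records are assumed, and it derives the expected VPN Action from the Decrypt Peer and Encrypt Peer columns, flags records whose action disagrees with their peer columns, and tallies the peer pairs of flows that transit the VPN server (VPN Routing), which is what you want in front of you when troubleshooting a multi-hop deployment.

```python
# Constructed sample events in the shape the dashboard describes.
# Field names are assumed for this example, not an FMC export schema.
SAMPLE_EVENTS = [
    {"id": 1, "decrypt_peer": "203.0.113.10", "encrypt_peer": None, "vpn_action": "Decrypt"},
    {"id": 2, "decrypt_peer": None, "encrypt_peer": "198.51.100.20", "vpn_action": "Encrypt"},
    {"id": 3, "decrypt_peer": "203.0.113.10", "encrypt_peer": "198.51.100.20", "vpn_action": "VPN Routing"},
    {"id": 4, "decrypt_peer": None, "encrypt_peer": None, "vpn_action": None},
    # Deliberately inconsistent record: both peers present but action says Decrypt.
    {"id": 5, "decrypt_peer": "203.0.113.11", "encrypt_peer": "198.51.100.21", "vpn_action": "Decrypt"},
]


def expected_vpn_action(decrypt_peer, encrypt_peer):
    """Derive the VPN Action the dashboard documents for a given pair of peer columns."""
    if decrypt_peer and encrypt_peer:
        return "VPN Routing"  # decrypted on one tunnel, re-encrypted on another
    if decrypt_peer:
        return "Decrypt"      # flow received from the VPN peer and decrypted
    if encrypt_peer:
        return "Encrypt"      # flow encrypted and sent to the VPN peer
    return None               # flow never touched a VPN tunnel


def audit_events(events):
    """Return (inconsistent_ids, multihop_pairs).

    inconsistent_ids: records whose VPN Action does not match their peer columns.
    multihop_pairs: count of flows per (decrypt_peer, encrypt_peer) pair that
    transit the VPN server, i.e. the VPN Routing case.
    """
    inconsistent = []
    multihop = {}
    for ev in events:
        expected = expected_vpn_action(ev.get("decrypt_peer"), ev.get("encrypt_peer"))
        if expected != ev.get("vpn_action"):
            inconsistent.append(ev["id"])
        if expected == "VPN Routing":
            pair = (ev["decrypt_peer"], ev["encrypt_peer"])
            multihop[pair] = multihop.get(pair, 0) + 1
    return inconsistent, multihop


if __name__ == "__main__":
    bad, hops = audit_events(SAMPLE_EVENTS)
    print("inconsistent records:", bad)
    for (dec, enc), count in hops.items():
        print(f"VPN Routing {dec} -> {enc}: {count} flow(s)")
```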

If you enable the bypass Access Control Policy for decrypted traffic (sysopt permit-vpn) option, the system bypasses the Access Control Policy and does not log events for decrypted traffic. By default, this option is disabled and all decrypted traffic in the VPN tunnel undergoes ACL inspection.