Options for Generating Interesting Traffic on Static VPN If Your Firewall Only Allows a Private Static IP for Keepalive

CONTENTS

You are using a static VPN. You need to generate interesting traffic to keep the tunnel up. However, your firewall only supports using private static IPs to ping for keepalive while Cloudhub only has apps with dynamic private IPs with FQDNs.

Original article for generating interesting traffic: How to Generate Interesting Traffic for Anypoint VPN

STEPS TO FOLLOW

Solution 1) The easiest solution is to rebuild the VPN using BGP dynamic routing: link

This is the preferred solution because BGP always has traffic being sent back and forth when communicating the routes and does not need to separately generate any interesting traffic.

More information on BGP: Anypoint VPN Path Selection using BGP Routing

Solution 2) We have seen with some vendor firewalls, you can try to ping a random address within the VPC and it will work. However, other hardware (and some software versions of other hardware) will only form a one-way tunnel if it does not receive an answer from the ping. You can test this out over a few weeks to see if the tunnel stays up and you can make connections from CloudHub to your network. If it stays up without any drops, you can continue using this method. However, please be aware that not all firewalls will work with this method.