SassiVeeran
Staff
Article Id 288940
Description

This article describes how to resolve an issue where an ADVPN shortcut tunnel performance SLA in SD-WAN shows the link is down and it cannot be pinged.

Scope

FortiGate.
Solution

SD-WAN Overlay Design - ADVPN Configuration:

  1. SD-WAN is configured with ADVPN interfaces as members.
  2. The spoke is configured to monitor the loopback interface of the hub (for example, 10.0.0.2).
  3. The spoke's health check to the hub is working fine.
  4. When the ADVPN connection is established, the shortcut comes up and the respective shortcut tunnel becomes a sub-member in the performance SLA configuration.
  5. The health check uses the ping protocol against the loopback interface as the probe server. For the shortcut tunnel, the ping never succeeds.

[Screenshot: shortcut down.PNG]

[Screenshot: advpn health check.PNG]

  1. If the ADVPN setup was implemented using the wizard, the ping service may not have been enabled at the tunnel interface level.
  2. The interface must be allowed to respond to ping packets.
  3. The reason is that SD-WAN sends probes to the overlay IP address of the remote spoke to monitor the shortcut's performance and health.

    In this example, 10.10.1.3 is the overlay IP address of the remote spoke:

[Screenshot: sniffer on shortcut tunnel.PNG]

  1. For this reason, if ping access is not enabled, the ping probes fail and the shortcuts are marked as dead.
  2. Enable administrative access for ping on the ADVPN tunnel interface of the spokes.

Through the CLI:

config system interface
    edit "<tunnel.interface>"
        set allowaccess ping
end
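As an added example (not part of the original article and not Fortinet code), the following Python script parses a FortiOS-style configuration dump, lists the SD-WAN member interfaces of type tunnel whose allowaccess does not include ping, and generates the CLI fix from the article for each of them. The configuration text is constructed for the example; the interface names, addresses and member IDs are assumptions, so adapt the check to a real `show full-configuration` export before trusting its output.

```python
import shlex

# Constructed sample: a trimmed spoke configuration in FortiOS CLI format.
# Interface names and addresses are assumptions for this example only.
SAMPLE_CONFIG = """
config system interface
    edit "port1"
        set ip 192.0.2.10 255.255.255.0
        set allowaccess ping https ssh
    next
    edit "advpn-wan1"
        set ip 10.10.1.3 255.255.255.255
        set allowaccess https
        set type tunnel
        set interface "port1"
    next
    edit "advpn-wan2"
        set ip 10.10.2.3 255.255.255.255
        set allowaccess ping
        set type tunnel
        set interface "port1"
    next
end
config system sdwan
    config members
        edit 1
            set interface "advpn-wan1"
        next
        edit 2
            set interface "advpn-wan2"
        next
    end
end
"""


def parse_fortios(text):
    """Parse 'config ... end' blocks into nested dicts.

    config <table> -> dict, edit <key> -> dict, set <attr> v1 v2 -> list.
    'end' closes the innermost config even if an 'edit' is still open,
    which matches how the CLI accepts 'end' straight from an edit context.
    """
    root = {}
    stack = [("config", root)]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        kw, args = tokens[0], tokens[1:]
        if kw == "config":
            node = stack[-1][1].setdefault(" ".join(args), {})
            stack.append(("config", node))
        elif kw == "edit":
            node = stack[-1][1].setdefault(args[0], {})
            stack.append(("edit", node))
        elif kw == "set":
            stack[-1][1][args[0]] = args[1:]
        elif kw == "unset":
            stack[-1][1].pop(args[0], None)
        elif kw == "next":
            if stack[-1][0] == "edit":
                stack.pop()
        elif kw == "end":
            while len(stack) > 1:
                if stack.pop()[0] == "config":
                    break
    return root


def sdwan_member_interfaces(cfg):
    """Interface names referenced under 'config system sdwan' -> 'config members'."""
    members = cfg.get("system sdwan", {}).get("members", {})
    return [m["interface"][0] for m in members.values() if m.get("interface")]


def tunnel_members_without_ping(config_text):
    """SD-WAN members of type tunnel whose allowaccess lacks 'ping'.

    These are the overlays on which shortcut probes will go unanswered.
    """
    cfg = parse_fortios(config_text)
    interfaces = cfg.get("system interface", {})
    missing = []
    for name in sdwan_member_interfaces(cfg):
        iface = interfaces.get(name, {})
        if iface.get("type", [""])[0] != "tunnel":
            continue
        if "ping" not in iface.get("allowaccess", []):
            missing.append(name)
    return missing


def remediation_cli(config_text):
    """Build the fix from the article, keeping services already allowed,
    because 'set allowaccess' replaces the whole list rather than adding to it."""
    cfg = parse_fortios(config_text)
    interfaces = cfg.get("system interface", {})
    lines = ["config system interface"]
    for name in tunnel_members_without_ping(config_text):
        services = interfaces[name].get("allowaccess", []) + ["ping"]
        lines += [f'    edit "{name}"',
                  f'        set allowaccess {" ".join(services)}',
                  "    next"]
    lines.append("end")
    return "\n".join(lines)


if __name__ == "__main__":
    print("tunnel members without ping:", tunnel_members_without_ping(SAMPLE_CONFIG))
    print(remediation_cli(SAMPLE_CONFIG))
```

On the sample, only `advpn-wan1` is reported, and the generated fix is `set allowaccess https ping` rather than `set allowaccess ping`: on FortiOS `set` overwrites a multi-value option, so enabling ping with a bare `set allowaccess ping` would silently drop any other management service already permitted on that tunnel interface.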