Any ways to monitor ipsec tunnel

Unanswered Question
Sep 1st, 2007

Hi Friends,

We are using GRE over IPSec tunnel on one of our routers. The router is polled every 5 min for its status using Cisco works 2000 server. Now, my question is if there is any way i can monitor the ipsec tunnel. Reason is because the Tu0 logical interface always remains up no matter the crypto session is down. I would like to get alerted when the crypto session goes down. Is there any way to accomplish this. Appreciate your assistance on this. Thanks!



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
danail-petrov Sat, 09/01/2007 - 05:08

Hi Manoj,

i am not so familiar with Cisco Works, but i believe it has SNMP daemon. So your solution is to enable snmp trap notification when the tunnel goes down (or crypto session is broken). If you have enabled snmp-server you need to append this command in your config:

(config)#snmp-server enable traps ipsec tunnel stop

This command will generate a snmp trap to your SNMP server every time when your tunnel protection is down .

Hope it helps!


Danail Petrov

Manoj Wadhwa Sat, 09/01/2007 - 06:02

Dear Danail,

Thanks for the info. I will try to implement this and will let you know if this works. Appreciate your time.



osiristrading123 Sat, 09/01/2007 - 10:54

Look up tunnel keepalives. If the tunnel destination is not reachable when using keepalives, the tunnel status will change to down.


This Discussion