cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
593
Views
0
Helpful
3
Replies

Any ways to monitor ipsec tunnel

Manoj Wadhwa
Level 1
Level 1

Hi Friends,

We are using GRE over IPSec tunnel on one of our routers. The router is polled every 5 min for its status using Cisco works 2000 server. Now, my question is if there is any way i can monitor the ipsec tunnel. Reason is because the Tu0 logical interface always remains up no matter the crypto session is down. I would like to get alerted when the crypto session goes down. Is there any way to accomplish this. Appreciate your assistance on this. Thanks!

Regards,

Manoj

3 Replies 3

danail-petrov
Level 1
Level 1

Hi Manoj,

i am not so familiar with Cisco Works, but i believe it has SNMP daemon. So your solution is to enable snmp trap notification when the tunnel goes down (or crypto session is broken). If you have enabled snmp-server you need to append this command in your config:

(config)#snmp-server enable traps ipsec tunnel stop

This command will generate a snmp trap to your SNMP server every time when your tunnel protection is down .

Hope it helps!

BR,

Danail Petrov

Dear Danail,

Thanks for the info. I will try to implement this and will let you know if this works. Appreciate your time.

BR,

Manoj

Look up tunnel keepalives. If the tunnel destination is not reachable when using keepalives, the tunnel status will change to down.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco