Monitoring LAN to LAN Tunnels

Unanswered Question
Oct 20th, 2008
User Badges:


I have a number of 3800 ISR with LAN to LAN IPSEC VPNS.

One One Gig port I have 18 VPN's my network monitor on alerts if the physical interface drops. I would like to monitor each tunnel and alert if it fails. I have tried a few different OID.

Can any one recommend what OID to monitor to alert a tunnel down.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
drolemc Fri, 10/24/2008 - 06:42
User Badges:
  • Silver, 250 points or more

To monitor LAN to LAN Ipsec VPN tunnel

User these commands on routers.

Router# show crypto ipsec sa

Router# show crypto isakmp sa.

You can view the IPsec and IKE statistics when you select Monitoring > Statistics > IPSec on the VPN Concentrators.

For further information click this link

johnroche_2 Sun, 10/26/2008 - 02:02
User Badges:

Thanks for the reply, but I am really looking for snmo monitoring rather than CLI.

I have tried watching phase one but is the tunnel state is UP-NO-IKE it alarms down.

If I watch phase two tunnel numbers, these change and the tunnel alarms down.

Right now I am alarming on the absence of any tunnel.

I am just wondering if there is a better way


This Discussion