Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
498
Views
0
Helpful
2
Replies

Monitoring LAN to LAN Tunnels

johnroche_2
Level 1
Level 1

‎10-20-2008 05:54 AM

Hi

I have a number of 3800 ISR with LAN to LAN IPSEC VPNS.

One One Gig port I have 18 VPN's my network monitor on alerts if the physical interface drops. I would like to monitor each tunnel and alert if it fails. I have tried a few different OID.

Can any one recommend what OID to monitor to alert a tunnel down.

Labels:
0 Helpful
2 Replies 2

drolemc
Level 6
Level 6

‎10-24-2008 06:42 AM

To monitor LAN to LAN Ipsec VPN tunnel

User these commands on routers.

Router# show crypto ipsec sa

Router# show crypto isakmp sa.

You can view the IPsec and IKE statistics when you select Monitoring > Statistics > IPSec on the VPN Concentrators.

For further information click this link

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00801f0f0c.shtml

0 Helpful

johnroche_2
Level 1
Level 1
In response to drolemc

‎10-26-2008 02:02 AM

Thanks for the reply, but I am really looking for snmo monitoring rather than CLI.

I have tried watching phase one but is the tunnel state is UP-NO-IKE it alarms down.

If I watch phase two tunnel numbers, these change and the tunnel alarms down.

Right now I am alarming on the absence of any tunnel.

I am just wondering if there is a better way

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents