ā06-28-2012 07:22 AM
I am working on an EEM applet on IOS is 15.2(1)T to reload a router when a VPN tunnel is down for 10 minutes, but I need it to cancel the reload when the VPN tunnel is back up. What I would like to do is to create one applet that does the following:
event manager applet VPN-Status
event track 1 state any
action 1.0 if the status is Down schedule a reload in 10 minutes
...
action 2.0 if the status is Up cancel the reload
Here is what I have configured (obviously it doesn't do what I need)
track 1 ip sla 11 reachability
delay down 5 up 10
!
ip sla 11
icmp-echo 192.168.0.1 source-ip 172.16.0.1
ip sla schedule 11 life forever start-time now
!
event manager applet VPN-Down
event track 1 state down
action 1.0 wait 600
action 1.1 syslog msg "The VPN tunnel has been down for 10 minutes."
action 2.0 reload
event manager applet VPN-Up
event track 1 state up
action 1.0 syslog msg "The VPN tunnel is up"
action 1.1 cli command "enable"
action 1.2 cli command "reload cancel"
ā06-28-2012 07:31 AM
What you want should not be done in one applet. Use two:
event manager applet tunnel-down
event track 1 state any
action 001 if $_track_state eq "down"
action 002 cli command "enable"
action 003 cli command "config t"
action 004 cli command "event manager applet vpn-timer"
action 005 cli command "event timer countdown time 600"
action 006 cli command "action 1.0 reload"
action 007 cli command "end"
action 008 else
action 009 cli command "enable"
action 010 cli command "config t"
action 011 cli command "no event manager applet vpn-timer"
action 012 cli command "end"
action 013 end
ā06-29-2012 04:09 AM
Thanks for your input Joseph, but I actually got my applets to work about 5 minutes after posting this. I decide to leave it up in case someone else may find it useful. Here are the relevant parts of my config (obviously excluding the VPN stuff):
track 1 ip sla 10 reachability
delay down 5 up 10
!
ip sla 10
icmp-echo 192.168.0.1 source-ip 172.16.0.1
frequency 300
ip sla schedule 10 life forever start-time now
!
event manager applet VPN-Down
event track 1 state down
action 1.0 syslog msg "The VPN is down"
action 1.1 cli command "enable"
action 1.2 cli command "reload in 15" pattern "confirm"
action 1.3 cli command ""
action 1.4 syslog msg "EEM scheduled reload in 15 minutes"
event manager applet VPN-Up
event track 1 state up
action 1.0 syslog msg "The VPN is up"
action 1.1 cli command "enable"
action 1.2 cli command "reload cancel"
Here is the breakdown:
1. The ip sla 10 is set to ping 192.168.0.1 from 172.16.0.1 every 300 seconds (5 minutes).
2. If an echo reply is not received in 5 seconds (delay down 5) the router will change the state of the sla to Down; the following will be displayed on screen:
%TRACKING-5-STATE: 1 ip sla 10 reachability Up->Down
3. This state change to Down triggers the VPN-Down applet which displays "The VPN is down" on the screen and schedules a reload in 15 minutes.
4. If at any point before the scheduled reload the sla state changes to Up, the VPN-Up applet is triggered (which cancels the scheduled reload).
4a. When the state of the sla changes to Up, the following will be displayed on screen:
%TRACKING-5-STATE: 1 ip sla 10 reachability Down->Up
ā05-04-2017 10:51 PM
Even though I am 5 years late, I'll still suggest that you shouldn't restart your router as soon as your VPN is down. Firstly, ping any IP such as 8.8.8.8 to ensure your router has internet and then ping 192.168.0.1 source-ip 172.16.0.1
If internet is working, but if the VPN is down. Then restart.
ā07-20-2012 09:01 AM
Are this configuration avaliable to Cisco ASA? I'm trying to monitor when my VPN's are down or "locked", and maybe this applet will be usefull.
Regards,
Leomar.
ā07-20-2012 09:04 AM
No, unfortunately EEM is not available on the ASA.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide