10-20-2008 05:54 AM
Hi
I have a number of 3800 ISR with LAN to LAN IPSEC VPNS.
One One Gig port I have 18 VPN's my network monitor on alerts if the physical interface drops. I would like to monitor each tunnel and alert if it fails. I have tried a few different OID.
Can any one recommend what OID to monitor to alert a tunnel down.
10-24-2008 06:42 AM
To monitor LAN to LAN Ipsec VPN tunnel
User these commands on routers.
Router# show crypto ipsec sa
Router# show crypto isakmp sa.
You can view the IPsec and IKE statistics when you select Monitoring > Statistics > IPSec on the VPN Concentrators.
For further information click this link
10-26-2008 02:02 AM
Thanks for the reply, but I am really looking for snmo monitoring rather than CLI.
I have tried watching phase one but is the tunnel state is UP-NO-IKE it alarms down.
If I watch phase two tunnel numbers, these change and the tunnel alarms down.
Right now I am alarming on the absence of any tunnel.
I am just wondering if there is a better way
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide