Using EEM to recreate the tunnel

Hello all,

This week a friend of mine gave me an old 871. So I was thinking to create a VPN tunnel between his home and mine to do some tests.

Since my connection from the ISP is through PPPoE, thus dynamic IP, it was quite a challenge to create a dynamic tunnel between us, without having us to interfere every time I get a new IP from the ISP. I was able to accomplish this using a dynamic DNS server (in my case the "no-ip"), but I have some difficulties setting up the EEM script -> below are the only 2 commands that must be entered every time my IP is changed.

At my home I have some power issues, so the router might be restarted quite often.

The problem is that the message regarding the reachability appears only one time, but I'd wish this state of reachability to be checked every 15 seconds or so... while my router gets powered on, sends a message to DDNS and, most important, my hostname gets updated with the new IP - my measured time is about 5 mins.

Below is the script running successfully when I shut down the tunnel interface.

Apr  6 20:04:08: %LINK-5-CHANGED: Interface Tunnel1, changed state to administratively down
Apr  6 20:04:08: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down
Apr  6 20:04:11: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
Apr  6 17:04:12.024: %HA_EM-6-LOG: keep_tunnel_up: bringing the tunnel up...

Concluding, I'd wish my script to run endlessly if the state of the ip track is down (of course, until it gets the up state). Many thanks!!

192.168.5.0/24 is my LAN network, while 10.0.1.0/24 is my friend's local network; this script runs on my friend's router:

ip sla 10
 icmp-echo 192.168.5.1 source-ip 10.0.1.1
 threshold 1000
 timeout 2000
 frequency 2
ip sla schedule 10 life forever start-time now
track 10 ip sla 10 reachability
event manager applet keep_tunnel_up
 event track 10 state down
 action 1.0 cli command "enable"
 action 1.1 cli command "configure term"
 action 1.2 cli command "interface Tunnel1"
 action 1.3 cli command "tunnel destination myhostname"
 action 2.0 cli command "crypto map VPN 10"
 action 2.1 cli command "set peer myhostname"
 action 2.2 syslog msg "bringing the tunnel up..."

2 Replies

Joe Clarke
Cisco Employee

You can do this by adding another policy.  This should do what you want.

event manager environment q "
!
event manager applet keep_tunnel_up
 event track 10 state down
 action 1.0 cli command "enable"
 action 1.1 cli command "configure term"
 action 1.2 cli command "event manager applet retry-tunnel"
 action 1.3 cli command "event timer watchdog time 15"
 action 1.4 cli command "action 1.0 cli command enable"
 action 1.5 cli command "action 2.0 cli command $q config t$q"
 action 1.6 cli command "action 3.0 cli command $q interface Tunnel1$q"
 action 1.7 cli command "action 4.0 cli command $q tunnel destination myhostname$q"
 action 1.8 cli command "action 5.0 cli command $q crypto map VPN 10$q"
 action 1.9 cli command "action 6.0 cli command $q set peer myhostname$q"
 action 2.0 cli command "action 7.0 syslog msg $q bringing the tunnel up...$q"
 action 2.1 cli command "action 8.0 cli command end"
 action 2.2 cli command "end"
!
event manager applet tunnel-up
 event track 10 state up
 action 1.0 cli command "enable"
 action 2.0 cli command "config t"
 action 3.0 cli command "no event manager applet retry-tunnel"
 action 4.0 cli command "end"
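The following is an added illustration, not part of the reply above: the configuration lines that keep_tunnel_up enters when track 10 goes down, written out with `$q` already replaced by the double quote held in environment variable `q`. Everything in it is derived from the applets posted in this thread; the `!` comments are annotations added here.

```cisco
! Lines typed by keep_tunnel_up (actions 1.2 to 2.2) after $q expansion.
! The result is a second applet that fires on its own 15-second timer.
event manager applet retry-tunnel
 event timer watchdog time 15
 action 1.0 cli command enable
 ! The space after the opening quote comes from the space after $q above.
 action 2.0 cli command " config t"
 action 3.0 cli command " interface Tunnel1"
 ! Re-entering the hostname is what the original post needs repeated
 ! after every IP change on the dynamic-DNS side.
 action 4.0 cli command " tunnel destination myhostname"
 action 5.0 cli command " crypto map VPN 10"
 action 6.0 cli command " set peer myhostname"
 action 7.0 syslog msg " bringing the tunnel up..."
 action 8.0 cli command end
end
!
! Lifecycle of the three applets:
!   track 10 Up->Down : keep_tunnel_up runs once and creates retry-tunnel
!   every 15 seconds  : retry-tunnel re-enters the two peer commands
!   track 10 Down->Up : tunnel-up runs "no event manager applet retry-tunnel"
```

While track 10 is down, `show event manager policy registered` should list retry-tunnel next to the two static applets, and it should disappear again once the track returns to up.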

I checked your idea and it's working fine!

Thanks!