How to monitor IKE phase 1 of any Site-2-Site VPN tunnels via syslog messages
I have an ASA5520 with multiple site-2-site VPN tunnels (and also RA VPN connections). I would like to monitor whenever a specific (known peer address) goes down and reconnects. I would like to use syslog messages as the trigger, but I'm not certain which syslog messages to look for. I know that %ASA-5-713119 tells when phase 1 has completed.
But which syslog message tells me when the IKE phase 1 is torn down?
Not sure if you've got the solution to this but I recently wrote a post on the same scenario that I wanted to implement. I did this with PIX but the syslog message ID is the same for the ASA (tested it).
There is a good chance of false positives. Your VPN tunnel may time out due to inactivity and that can also generate the same Syslog ID.
I have suggested to disable vpn-idle-timeout in the post, but it's not required if you have a comprehensive syslog/SNMP server that can read the log packets in detail. That way further filtering can be done on the Syslog/SNMP server to ignore false positives. I did this in Zenoss.
If you don't have such a comprehensive monitoring tool, you can then try to disable the timeout, so at least you won't get those false positives that may be triggered because of the VPN being idle.
Let me know if you need more information on this. Hope this helps you and anyone else who comes across this.
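The server-side filtering described in the answer above, as an added example that is not part of the original thread: it tracks up/down events for known peer addresses and drops idle-timeout disconnects as false positives. The thread does not name the teardown message, so using %ASA-4-113019 (session disconnected, with a `Reason:` field) is an assumption of this example, as are the peer addresses and the constructed sample log lines.

```python
import re

# Constructed sample lines (not from the thread). 713119 is the ID the question
# cites; treating 113019 as the disconnect message is this example's assumption.
SAMPLE = """\
Mar 01 10:00:01 fw1 %ASA-5-713119: Group = 203.0.113.10, IP = 203.0.113.10, PHASE 1 COMPLETED
Mar 01 10:30:01 fw1 %ASA-4-113019: Group = 203.0.113.10, Username = 203.0.113.10, IP = 203.0.113.10, Session disconnected. Session Type: IPsec, Duration: 0h:30m:00s, Bytes xmt: 10, Bytes rcv: 20, Reason: Idle Timeout
Mar 01 10:31:00 fw1 %ASA-5-713119: Group = 198.51.100.7, IP = 198.51.100.7, PHASE 1 COMPLETED
Mar 01 10:35:00 fw1 %ASA-5-713119: Group = 203.0.113.10, IP = 203.0.113.10, PHASE 1 COMPLETED
Mar 01 11:02:13 fw1 %ASA-4-113019: Group = 203.0.113.10, Username = 203.0.113.10, IP = 203.0.113.10, Session disconnected. Session Type: IPsec, Duration: 0h:27m:13s, Bytes xmt: 10, Bytes rcv: 20, Reason: Lost Service
"""

MSG = re.compile(r"%ASA-\d-(?P<id>\d{6}): (?P<body>.*)")
PEER = re.compile(r"\bIP = (?P<ip>[0-9.]+)")
REASON = re.compile(r"Reason: (?P<reason>.+?)\s*$")

def tunnel_events(lines, peers, up_id="713119", down_id="113019",
                  ignore_reasons=("Idle Timeout",)):
    """Return (peer, state, reason) tuples for the monitored peers only."""
    events = []
    for line in lines:
        m = MSG.search(line)
        if not m or m["id"] not in (up_id, down_id):
            continue
        ip = PEER.search(m["body"])
        if not ip or ip["ip"] not in peers:
            continue  # RA VPN clients and unmonitored peers are skipped
        if m["id"] == up_id:
            if "PHASE 1 COMPLETED" in m["body"]:
                events.append((ip["ip"], "up", None))
            continue
        r = REASON.search(m["body"])
        reason = r["reason"] if r else "unknown"
        if reason in ignore_reasons:
            continue  # idle timeout: the false positive the answer warns about
        events.append((ip["ip"], "down", reason))
    return events

if __name__ == "__main__":
    for event in tunnel_events(SAMPLE.splitlines(), {"203.0.113.10"}):
        print(event)
```

Pass `ignore_reasons=()` when vpn-idle-timeout is disabled on the firewall, so every disconnect for a monitored peer is reported.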