Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Any ways to monitor ipsec tunnel

Hi Friends,

We are using GRE over IPSec tunnel on one of our routers. The router is polled every 5 min for its status using Cisco works 2000 server. Now, my question is if there is any way i can monitor the ipsec tunnel. Reason is because the Tu0 logical interface always remains up no matter the crypto session is down. I would like to get alerted when the crypto session goes down. Is there any way to accomplish this. Appreciate your assistance on this. Thanks!

Regards,

Manoj

3 REPLIES
New Member

Re: Any ways to monitor ipsec tunnel

Hi Manoj,

i am not so familiar with Cisco Works, but i believe it has SNMP daemon. So your solution is to enable snmp trap notification when the tunnel goes down (or crypto session is broken). If you have enabled snmp-server you need to append this command in your config:

(config)#snmp-server enable traps ipsec tunnel stop

This command will generate a snmp trap to your SNMP server every time when your tunnel protection is down .

Hope it helps!

BR,

Danail Petrov

New Member

Re: Any ways to monitor ipsec tunnel

Dear Danail,

Thanks for the info. I will try to implement this and will let you know if this works. Appreciate your time.

BR,

Manoj

New Member

Re: Any ways to monitor ipsec tunnel

Look up tunnel keepalives. If the tunnel destination is not reachable when using keepalives, the tunnel status will change to down.

257
Views
0
Helpful
3
Replies
CreatePlease to create content