11-21-2006 05:38 PM - edited 03-03-2019 02:46 PM
Hi All,
I have Cisco IOS ISR as VPN box with 12.4(5) image.
I am facing some problems in VPN connections to my B.O, but as of now we used to know the VPN trouble only when then user informs us.
Is it possible to detect the VPN connection status automatically?
That is I should know when the VPN connections goes down between H.O and any B.O, so I can look into the trouble before and not by user informing us.
As of now I have enabled to see the status manually in the router.
033619: Nov 21 00:06:46.458 : %CRYPTO-5-SESSION_STATUS: Crypto tunnel is DOWN. Peer A.B.C.D:500 Description: Tunnel toA.B.C.D(B.O1) Id: P.Q.R.S
033621: Nov 21 00:07:30.179 : %CRYPTO-5-SESSION_STATUS: Crypto tunnel is UP . Peer A.B.C.D:500 Description: Tunnel toA.B.C.D(B.O1) Id: P.Q.R.S
What configuration needs to be done for getting status of tunnels automatically to me (thru e-mail is most preferred)?
We have SNMP server too, but what all setup and config need in it and router?
Thank you.
11-21-2006 08:57 PM
Hi,
You can install a Syslog server which will collect all the logs and then you can send the logs to the email server. There are a lots of freeware syslog servers that you can use.
Cattools,3com syslog servers etc.
-amit singh
11-21-2006 11:16 PM
Thank you very much for the reply.
I have syslog server and logs are send to syslog server.
But sending all the logs to email server is very difficult.
If I enable the below commands, will the VPN tunnel status send to SNMP server and from SNMP server, generate an e-mail alter to me on the perticular traps?
crypto mib ipsec flowmib history failure size 200
crypto mib ipsec flowmib history tunnel size 200
snmp-server community xxxxxxxx
snmp-server trap-source FastEthernet0/0
snmp-server location a.b.c.d
snmp-server contact xxxx
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server host a.b.c.d xxxxxxx ipsec isakmp
But with the below MIBs will it be able to setup in SNMP server?
# CISCO-IPSEC-FLOW-MONITOR- MIB
# CISCO-IPSEC-MIB
# CISCO-IPSEC-POLICY-MAP-MIB
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide