ipsec vpn logging

 
 
mmark751969
      04-22-2009
I've established a number of IPsec VPNs from our 1811 to a number of
remote sites. This is for the purposes of internal node monitoring at
those sites. Sometimes the actual VPNs go down, though (kicking off a
number of alerts). I'm wanting a way of knowing when those VPNs go
down so we know if it's the VPNs or the actual remote nodes. Would
installing a syslog server for the 1811 be sufficient, or is there a
more preferred way?
 
 
 
 
 
alexd
      04-22-2009
mmark751969 wrote:

> I've established a number of IPsec VPNs from our 1811 to a number of
> remote sites. This is for the purposes of internal node monitoring at
> those sites. Sometimes the actual VPNs go down, though (kicking off a
> number of alerts). I'm wanting a way of knowing when those VPNs go
> down so we know if it's the VPNs or the actual remote nodes. Would
> installing a syslog server for the 1811 be sufficient, or is there a
> more preferred way?


If you speak SNMP, walk the CISCO-IPSEC-FLOW-MONITOR-MIB::cipSecTunnelTable
to find the index of the tunnel(s) you're interested in, and monitor
cipSecTunStatus.n, where 'n' is the index of the tunnel. There's probably a
way to SNMP trap it as well, i.e. get the router to tell you when the status
of a tunnel changes.

Alternatively you might be able to monitor the private-side IP of each
remote router with ping. If that disappears then you know that the tunnel
is off.

Yet another alternative is to have the remote routers do the monitoring for
you with SLAs, and poll the results with SNMP.

--
<http://ale.cx/> (AIM:troffasky) ((E-Mail Removed))
16:10:11 up 138 days, 17:21, 3 users, load average: 0.19, 0.10, 0.05
My god, said I, with my one liquid eye, am I dreaming, or am I insane?
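
One way to act on the SNMP suggestion above and separate "VPN down" from "remote node down", as an added example that is not part of the original posts. The walk text is a constructed sample in net-snmp style, the site names and helper functions are hypothetical, and tunnels are matched by remote peer address rather than by index on the assumption that a tunnel's index may change when it is re-established.

```python
import re

# Constructed sample of `snmpwalk` output over cipSecTunnelTable (MIB loaded).
# Documentation-range addresses; Hex-STRING rendering is an assumption.
SAMPLE_WALK = """\
CISCO-IPSEC-FLOW-MONITOR-MIB::cipSecTunRemoteAddr.12 = Hex-STRING: C6 33 64 0A
CISCO-IPSEC-FLOW-MONITOR-MIB::cipSecTunRemoteAddr.15 = Hex-STRING: CB 00 71 14
CISCO-IPSEC-FLOW-MONITOR-MIB::cipSecTunStatus.12 = INTEGER: active(1)
CISCO-IPSEC-FLOW-MONITOR-MIB::cipSecTunStatus.15 = INTEGER: destroy(2)
"""

LINE = re.compile(r"::(cipSecTunRemoteAddr|cipSecTunStatus)\.(\d+) = [\w-]+: (.+)$")

def tunnels_by_peer(walk_text):
    """Return {remote peer IP: True if any tunnel to that peer is active}."""
    addr, status = {}, {}
    for line in walk_text.splitlines():
        m = LINE.search(line.strip())
        if not m:
            continue
        column, index, value = m.groups()
        if column == "cipSecTunRemoteAddr":
            octets = value.split()
            if len(octets) == 4:  # IPv4 peers only in this example
                addr[index] = ".".join(str(int(o, 16)) for o in octets)
        else:
            status[index] = value.startswith("active")
    peers = {}
    for index, ip in addr.items():
        peers[ip] = peers.get(ip, False) or status.get(index, False)
    return peers

def classify(expected_peers, walk_text, node_reachable):
    """expected_peers: {site: peer IP}; node_reachable: {site: bool} from node checks."""
    peers = tunnels_by_peer(walk_text)
    result = {}
    for site, ip in expected_peers.items():
        if not peers.get(ip, False):  # no row, or no active tunnel to this peer
            result[site] = "vpn-down"
        elif not node_reachable.get(site, False):
            result[site] = "node-down"
        else:
            result[site] = "ok"
    return result

if __name__ == "__main__":
    expected = {"site-a": "198.51.100.10", "site-b": "203.0.113.20", "site-c": "192.0.2.30"}
    reachable = {"site-a": False, "site-b": False, "site-c": False}
    print(classify(expected, SAMPLE_WALK, reachable))
```

A site whose peer has no row in the table at all is reported as `vpn-down`, the same as one whose only tunnel is not active.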

 