Solved: Bring up VPN by removing and re-adding crypto map to interface

jasonww04 · ‎01-24-2014

I can't figure out what is wrong. The EEM runs correctly up to action 5.2. I need to have the router wait 300 seconds before putting crypto map VPN back onto int d1.

event manager applet bring_up_VPN

event syslog pattern "%DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1"

action 01.0 cli command "enable"

action 02.0 cli command "conf t"

action 03.0 cli command "int d1"

action 04.0 cli command "no cryp map VPN"

action 05.0 cli command "event manager applet enable_VPN"

action 05.1 cli command "event timer countdown time 300"

action 05.2 cli command "action 1.0 cli command enable"

action 05.3 cli command "action 2.0 cli command $q conf t$q"

action 05.4 cli command "action 3.0 cli command $q int d1$q"

action 05.5 cli command "action 4.0 cli command $q crypto map VPN$q"

action 05.6 cli command "action 5.0 cli command end"

action 05.7 cli command "no event manager applet enable_VPN"

action 06.0 cli command "end"

Joe Clarke · ‎01-25-2014

Do you have the following configured:

event manager environment q "

View solution in original post

Joe Clarke · ‎02-04-2014

I missed something. The commands are running, but then you unconfigure the timer applet in the syslog applet. That essentially negates the nested commands. Swap actions 05.6 and 05.7, and change the new 05.6 to:

action 05.6 cli command "action 5.0 cli command $q no event manager applet enable_VPN$q"

And new action 05.7 to:

action 05.7 cli command "action 6.0 cli command end"

View solution in original post

Joe Clarke · ‎01-25-2014

Do you have the following configured:

event manager environment q "

jasonww04 · ‎01-25-2014

I don't have that configured. Is that needed so that $q acts as "?

Joe Clarke · ‎01-25-2014

Yes.

jasonww04 · ‎01-29-2014

This is what I have now. Is it correct?

event manager environment q "

event manager applet bring_up_VPN

event syslog pattern "%DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1"

action 01.0 cli command "enable"

action 02.0 cli command "conf t"

action 03.0 cli command "int d1"

action 04.0 cli command "no cryp map VPN"

action 05.0 cli command "event manager applet enable_VPN"

action 05.1 cli command "event timer countdown time 500"

action 05.2 cli command "action 1.0 cli command enable"

action 05.3 cli command "action 2.0 cli command $q conf t$q"

action 05.4 cli command "action 3.0 cli command $q int d1$q"

action 05.5 cli command "action 4.0 cli command $q crypto map VPN$q"

action 05.6 cli command "action 5.0 cli command end"

action 05.7 cli command "no event manager applet enable_VPN"

action 06.0 cli command "end"

Joe Clarke · ‎02-01-2014

Yes, that looks right.

jasonww04 · ‎02-04-2014

None of the lines with $q ever happen. I don't understand what is missing.

Joe Clarke · ‎02-04-2014

I missed something. The commands are running, but then you unconfigure the timer applet in the syslog applet. That essentially negates the nested commands. Swap actions 05.6 and 05.7, and change the new 05.6 to:

action 05.6 cli command "action 5.0 cli command $q no event manager applet enable_VPN$q"

And new action 05.7 to:

action 05.7 cli command "action 6.0 cli command end"

jasonww04 · ‎02-05-2014

I made the changes as you suggested. Now we just need to wait for the event to happen.

jasonww04 · ‎02-07-2014

It worked. Thanks Joseph.