Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
927
Views
0
Helpful
6
Replies

EEM sending a lot of mails and interface tunnel not stable

Go to solution
dbs-itc01
Level 1
Level 1

‎02-09-2023 09:16 AM

dbsitc01_0-1675962911490.png

track 1 interface Tunnel74 line-protocol


event manager environment email_server 172.26.32.61
event manager environment email_from jose.mendez@dole.com
event manager environment email_to jose.mendez@dole.com

 

event manager applet TU74TRACK authorization bypass
event track 1 state down
trigger delay 60
action 1 cli command "enable"
action 1.1 mail server "$email_server" to "$email_to" from "$email_from" subject "CHLR1A Tunnel 74 went down" source-interface gigabitethernet 0/0/0
action 2 cli command "conf t"
action 3 cli command "interface tunnel74"
action 4 cli command "shut"
action 5 cli command "no shut"
action 6 wait 5
action 7 mail server "$email_server" to "$email_to" from "$email_from" subject "CHLR1A Tunnel 74 re-enabled please check" source-interface gigabitethernet 0/0/0
action 8 cli command "end"

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to dbs-itc01

‎02-09-2023 03:29 PM

First i suggest :  remove this EEM  "no event manager applet TU74TRACK authorization bypass"

then you have lot of 

you have some error :

%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=152.231.69.173, prot=50, spi=0x7F1C92AF(2132578991), srcaddr=198.217.41.252, input interface=Tunnel74

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/115801-technote-iosvpn-00.html

even some time the email have issue

 %HA_EM-3-FMPD_SMTP: Error occurred when sending mail to SMTP server: 172.26.32.61 : timeout error

You have multiple issue you need to sort one by one, before you enable EEM script.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
6 Replies 6

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎02-09-2023 10:09 AM

what is the issue, are you getting lot of emails ? or tunnel going down ?

EEM Script doing that work when ever tunnel going down ?

but in real is the Tunnel going that many times ? you need to change the script based on Syslog message and send Alerts.

Can you post show logging

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
dbs-itc01
Level 1
Level 1
In response to balaji.bandi

‎02-09-2023 10:13 AM

yes  actually lot of emails and when I check logs seems to be running many times too, do you know how can I stop this issue? take a look to this: 

Feb 9 09:11:49 CLT: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=152.231.69.173, prot=50, spi=0x7F1C92AF(2132578991), srcaddr=198.217.41.252, input interface=Tunnel74
.Feb 9 09:11:49 CLT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel74, changed state to down
.Feb 9 09:11:59 CLT: %TRACK-6-STATE: 1 interface Tu74 line-protocol Down -> Up
.Feb 9 09:12:00 CLT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel74, changed state to up
.Feb 9 09:12:02 CLT: %DUAL-5-NBRCHANGE: EIGRP-IPv4 7: Neighbor 192.168.74.17 (Tunnel74) is up: new adjacency
.Feb 9 09:12:24 CLT: %HA_EM-3-FMPD_SMTP: Error occurred when sending mail to SMTP server: 172.26.32.61 : timeout error
.Feb 9 09:12:56 CLT: %TRACK-6-STATE: 1 interface Tu74 line-protocol Up -> Down
.Feb 9 09:12:56 CLT: %DUAL-5-NBRCHANGE: EIGRP-IPv4 7: Neighbor 192.168.74.17 (Tunnel74) is down: interface down
.Feb 9 09:12:56 CLT: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
.Feb 9 09:12:56 CLT: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
.Feb 9 09:12:56 CLT: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=152.231.69.173, prot=50, spi=0x712F21A5(1898914213), srcaddr=198.217.41.252, input interface=Tunnel74
.Feb 9 09:12:57 CLT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel74, changed state to down
.Feb 9 09:13:07 CLT: %TRACK-6-STATE: 1 interface Tu74 line-protocol Down -> Up
.Feb 9 09:13:07 CLT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel74, changed state to up
.Feb 9 09:13:09 CLT: %DUAL-5-NBRCHANGE: EIGRP-IPv4 7: Neighbor 192.168.74.17 (Tunnel74) is up: new adjacency
.Feb 9 09:13:32 CLT: %HA_EM-3-FMPD_SMTP: Error occurred when sending mail to SMTP server: 172.26.32.61 : timeout error
.Feb 9 09:14:03 CLT: %TRACK-6-STATE: 1 interface Tu74 line-protocol Up -> Down
.Feb 9 09:14:03 CLT: %DUAL-5-NBRCHANGE: EIGRP-IPv4 7: Neighbor 192.168.74.17 (Tunnel74) is down: interface down
.Feb 9 09:14:03 CLT: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=152.231.69.173, prot=50, spi=0x940EF01D(2484006941), srcaddr=198.217.41.252, input interface=Tunnel74
.Feb 9 09:14:03 CLT: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
.Feb 9 09:14:03 CLT: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
.Feb 9 09:14:03 CLT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel74, changed state to down
.Feb 9 09:14:14 CLT: %TRACK-6-STATE: 1 interface Tu74 line-protocol Down -> Up
.Feb 9 09:14:14 CLT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel74, changed state to up
.Feb 9 09:14:15 CLT: %DUAL-5-NBRCHANGE: EIGRP-IPv4 7: Neighbor 192.168.74.17 (Tunnel74) is up: new adjacency
.Feb 9 09:14:38 CLT: %HA_EM-3-FMPD_SMTP: Error occurred when sending mail to SMTP server: 172.26.32.61 : timeout error
.Feb 9 09:15:07 CLT: %TRACK-6-STATE: 1 interface Tu74 line-protocol Up -> Down
.Feb 9 09:15:07 CLT: %DUAL-5-NBRCHANGE: EIGRP-IPv4 7: Neighbor 192.168.74.17 (Tunnel74) is down: interface down
.Feb 9 09:15:07 CLT: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=152.231.69.173, prot=50, spi=0xF6604630(4133504560), srcaddr=198.217.41.252, input interface=Tunnel74

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to dbs-itc01

‎02-09-2023 02:06 PM

For now, i suggest removing EEM Scrip running, and just Monitoring SLA track 1 is the VPN really going down - when it go down what message are you getting on the logs?

when you get an email what are the SLA track 1 results?

if the tunnel really going down so frequently you need to investigate Internet/uplink is that stable?

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
dbs-itc01
Level 1
Level 1
In response to balaji.bandi

‎02-09-2023 02:43 PM

Well actually all the information for logs I just put it above this comment, I didnt check the track status in the moment because was not checking that moment.

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to dbs-itc01

‎02-09-2023 03:29 PM

First i suggest :  remove this EEM  "no event manager applet TU74TRACK authorization bypass"

then you have lot of 

you have some error :

%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=152.231.69.173, prot=50, spi=0x7F1C92AF(2132578991), srcaddr=198.217.41.252, input interface=Tunnel74

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/115801-technote-iosvpn-00.html

even some time the email have issue

 %HA_EM-3-FMPD_SMTP: Error occurred when sending mail to SMTP server: 172.26.32.61 : timeout error

You have multiple issue you need to sort one by one, before you enable EEM script.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
dbs-itc01
Level 1
Level 1
In response to balaji.bandi

‎02-09-2023 03:44 PM

Alright then, thanks for your help.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card