Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1541
Views
0
Helpful
4
Replies

IP SLA event to fire EEM script

Scott Sams
Level 1
Level 1

‎03-12-2016 07:21 AM

I am completely new to EEM and I am in need due to a problem we are having with our cloub web gateway services.  While they work out their issues, I need an IP SLA that does a simple http connect and it it fails, reset an IPSEC tunnel.  I have the IP SLA working but I am unsure if we have the EEM script right because I never even see an attempt for it to fire.

Here is the basics of what we have.  Maybe we are missing something?  Thanks for any help you can provide.

Scott

event manager applet RESET-WS-VPN
event track 40 state down
action 001 cli command "enable"
action 002 cli command "clear crypto session remote x.x.x.x"
action 099 syslog msg "Websense tunnel cleared"

!
track 40 ip sla 40000
delay down 10 up 10

ip sla 40000
 http get http://www.google.com/ source-ip x.x.x.x
 owner SW.IpSla.P104.Solarwinds_Orion
 frequency 300
 timeout 180000
 threshold 1000
ip sla schedule 40000 life forever start-time now

gw#sh ip sla su
IPSLAs Latest Operation Summary
Codes: * active, ^ inactive, ~ pending

ID           Type        Destination       Stats       Return      Last
                                           (ms)        Code        Run
-----------------------------------------------------------------------
*40000       http        216.58.218.100    -           No connecti 4 minutes, 9
                                                                 seconds ago  
                                                                              

Labels:
0 Helpful
4 Replies 4

Philip D'Ath
VIP Alumni
VIP Alumni

‎03-13-2016 03:57 PM

It looks like it should work to me.

Are you sure your http connect will go over the VPN?

0 Helpful

Scott Sams
Level 1
Level 1
In response to Philip D'Ath

‎03-13-2016 04:37 PM

yes.  it has been validated.  the IP SLA is up and running on 240 routers right now.  that is not the issue.  the issue is EEM firing when it changes from an OK status to a failure.  my problem is the EEM either detecting the down state or executing based off of it.

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to Scott Sams

‎03-25-2016 01:06 PM

The EEM config is fine.  Are you sure the tracked object is actually down?  If you run the "clear crypto ..." command manually, what do you get back from the router?

0 Helpful

Scott Sams
Level 1
Level 1
In response to Joe Clarke

‎03-25-2016 01:09 PM

we resolved the issue.  we had to add this at the global level for it to run.  it is working great now thanks.

event manager session cli username "xxxxxxx" privilege 15

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card