cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3062
Views
0
Helpful
1
Replies

SNMP Trap for IPSec Tunnel Flap

Elie Bassil
Level 1
Level 1

Hello,

We have a scenario where on a router we have multiple VPN Tunnels (IPSec) established, this router is configured to send SNMP traps (find attached SNMP config). The problem is that once one of the Tunnels goes down, we are receiving an SNMP trap for it which is being interpreted by our SNMP software as:

IPsec Phase-1 IKE Tunnel Stopped (GARBAGE to GARBAGE)

Where "GARBAGE" is just some random characters. My question is: Should the trap include the Peer IP of the Tunnel that flapped? If yes why are we getting Garbage value instead.

10x,

E.B:.

1 Reply 1

Elie Bassil
Level 1
Level 1

After opening a TAC case the issue was related to:

CSCsq41969   Bug Details

Incorrect   cikePeerLocalAddr & cikePeerRemoteAddr in cikeTunnelStop trap


Symptom:

Incorrect IP addresses displayed.

Conditions:
It is observed for the cikePeerLocalAddr and cikePeerRemoteAddr objects when
sent with the cikeTunnelStop trap. But for cikeTunnelStart the value shown   was
correct.

Workaround:
Not available.

Review Cisco Networking for a $25 gift card