Tunnel source is physical interface IP (link is L2VPN)

crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key MYIPSEC address 10.1.1.1

 crypto ipsec transform-set esp-3des esp-3des esp-sha-hmac
mode tunnel

!
crypto ipsec profile IPPROF
set transform-set esp-3des
!

interface Tunnel3344
ip address 192.168.75.2 255.255.255.252
keepalive 3 6
tunnel source 10.1.1.1
tunnel mode ipsec ipv4
tunnel destination 10.1.1.2
tunnel protection ipsec profile IPPROF

Dear Paul,

What is the work around to get the tunnel interface go down if destination is not reachable

Regards

Syed

Hello

---

@abid1 wrote:

Dear Paul,

 

What is the work around to get the tunnel interface go down if destination is not reachable

Regards

Syed

 

 

---

As the tunnel is stateless I dont think you can do this this unless you manually apply some form of tracking like IP SLA & EEM.but i can be wrong anyway below is a example IP SLA and EEM

(apply to both rtrs)

ip sla 1
icmp-echo (tunnel endpoint destination) source-ip  (tunnel source destination)
ip sla schedule 1 life forever start-time now

track 10 rtr 1 reachability
event manager applet Tunnel-destination-down
event track 10 state down

action 5.0 cli command "enable"
action 5.1 cli command "conf t"
action 5.2 cli command "interface tun xx"
action 5.3 cli command "shut"
action 5.4 cli command "end"

event manager applet Tunnel-destination-up
event track 10 state up
action 5.5 cli command "enable"
action 5.6 cli command "conf t"
action 5.7 cli command "interface tun xx"
action 5.8 cli command "no shut"
action 5.9 cli command "end"