IPSec tunnel monitoring

Mmiselo
Level 1

Good day,

 

We configure an IPSec tunnel this way,

 

crypto isakmp policy 20
 encr aes 256
 hash sha256
 authentication pre-share
 group 5
 lifetime 64000

crypto isakmp key Test!234 address 41.181.148.172
crypto ipsec transform-set TEST ah-sha256-hmac esp-aes 256

crypto map cisco 110 ipsec-isakmp
 set peer 41.181.148.172
 set security-association lifetime seconds 43200
 set transform-set TEST
 set pfs group5
 match address 140

ip access-list extended 140
 permit ip host 10.235.235.235 host 10.220.220.220

 

 

The issue is that we can't monitor the tunnel to know when it's down. Is there a way you can recommend that we build a tunnel to cater for the same requirement and yet be able to monitor it?

 

Regards

Nelson

3 Replies

mkazam001
Level 3

You can use either IP SLA with syslogs to monitor if the remote peer is up, or use an NMS like PRTG or SolarWinds.

regards, mk

You can enable VPN logging, which will generate syslog whenever the tunnel goes down.
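Added example, not part of the thread or of any poster's reply: a small collector-side check that turns the tunnel up/down syslog messages mentioned in the replies above into a per-peer status and an alert. It assumes the "VPN logging" is the IOS `crypto logging session` feature, which emits `%CRYPTO-5-SESSION_STATUS` messages; the collector line layout (ISO timestamp, hostname, message), the sample lines and the function name `tunnel_report` are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (not from the thread). Assumed layout: the collector's
# ISO timestamp and hostname, then the IOS %CRYPTO-5-SESSION_STATUS message.
SAMPLE_LOG = """\
2024-01-12T08:15:02 rtr1 %CRYPTO-5-SESSION_STATUS: Crypto tunnel is UP.  Peer 41.181.148.172:500       Id: 41.181.148.172
2024-01-12T09:40:10 rtr1 %CRYPTO-5-SESSION_STATUS: Crypto tunnel is DOWN.  Peer 41.181.148.172:500       Id: 41.181.148.172
2024-01-12T09:40:11 rtr1 %CRYPTO-5-SESSION_STATUS: Crypto tunnel is DOWN.  Peer 41.181.148.172:500       Id: 41.181.148.172
2024-01-12T09:40:30 rtr1 %SYS-5-CONFIG_I: Configured from console by admin on vty0
2024-01-12T09:47:40 rtr1 %CRYPTO-5-SESSION_STATUS: Crypto tunnel is UP.  Peer 41.181.148.172:500       Id: 41.181.148.172
2024-01-12T11:02:00 rtr1 %CRYPTO-5-SESSION_STATUS: Crypto tunnel is DOWN.  Peer 41.181.148.172:500       Id: 41.181.148.172
"""

EVENT = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+%CRYPTO-5-SESSION_STATUS: Crypto tunnel is "
    r"(?P<state>UP|DOWN)\.\s+Peer (?P<peer>\d{1,3}(?:\.\d{1,3}){3}):\d+")

def tunnel_report(log_text, now, alert_after=timedelta(minutes=5)):
    """Return {peer: {state, since, outages, downtime, alert}} from syslog text."""
    peers = {}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue  # unrelated or malformed line
        ts = datetime.fromisoformat(m["ts"])
        p = peers.setdefault(m["peer"], {"state": None, "since": None,
                                         "outages": 0, "downtime": timedelta()})
        state = m["state"]
        if state == p["state"]:
            continue  # repeated message for the same state; keep first timestamp
        if state == "DOWN":
            p["outages"] += 1
        elif p["state"] == "DOWN":
            p["downtime"] += ts - p["since"]  # close the finished outage
        p["state"], p["since"] = state, ts
    for p in peers.values():
        still_down = p["state"] == "DOWN"
        if still_down:
            p["downtime"] += now - p["since"]  # outage still in progress
        p["alert"] = still_down and now - p["since"] >= alert_after
    return peers

if __name__ == "__main__":
    for peer, info in tunnel_report(SAMPLE_LOG, datetime(2024, 1, 12, 11, 10)).items():
        print(peer, info["state"], "since", info["since"], "outages:", info["outages"],
              "downtime:", info["downtime"], "ALERT" if info["alert"] else "")
```

With a crypto map, IPsec SAs that expire while no traffic matches ACL 140 are only renegotiated when the next matching packet arrives, so a DOWN message can mean an idle tunnel rather than a fault. A periodic IP SLA probe between the two hosts, as the first reply suggests, keeps traffic flowing so that DOWN messages point to a real failure.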

Using a Cisco router 2900/1800