12-19-2018 06:33 AM - edited 02-21-2020 09:31 PM
Good day,
We configure an IPSec tunnel this way,
crypto isakmp policy 20
encr aes 256
hash sha256
authentication pre-share
group 5
lifetime 64000
crypto isakmp key Test!234 address 41.181.148.172
crypto ipsec transform-set TEST ah-sha256-hmac esp-aes 256
crypto map cisco 110 ipsec-isakmp
set peer 41.181.148.172
set security-association lifetime seconds 43200
set transform-set TEST
set pfs group5
match address 140
ip access-list extended 140
permit ip host 10.235.235.235 host 10.220.220.220
The issue is that we can't monitor the tunnel to know when it's down. Is there a way you can recommend that we build and tunnel to cater for the same requirement and yet be able to monitor it?
Regards
Nelson
12-19-2018 06:37 AM
you can use either IP SLA with syslogs to monitor if the remote peer is up or use a NMS, like PRTG or Soalrwinds.
regards, mk
12-19-2018 07:06 AM
12-19-2018 07:33 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: