I've established a number of ipsec vpn's from our 1811 to a number of remote sites. This is for the purposes of internal node monitoring at those sites. Sometimes the actual vpn's go down though(kicking off a number of alerts). I'm wanting a way of knowing when those vpn's go down so we know if it's the vpn's or the actual remote nodes. Would installing a syslog server for the 1811 be sufficient or is there a more preferred way.
If you speak SNMP, walk the CISCO-IPSEC-FLOW-MONITOR-MIB::cipSecTunnelTable to find the index of the tunnel(s) you're interested in, and monitor cipSecTunStatus.n, where 'n' is the index of the tunnel. There's probably a way to SNMP trap it as well, ie get the router to tell you when the status of a tunnel changes.
Alternatively you might be able to monitor the private-side IP of each remote router with ping. If that disappears then you know that the tunnel is off.
Yet another alternative is to have the remote routers do the monitoring for you with SLAs, and poll the results with SNMP.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.