[c-nsp] IP SLA source pings on PIX/ASA ?

Eshan eshanvb at gmail.com
Wed Apr 13 08:25:09 EDT 2011


I tried asking this question elsewhere but wasn't able to get a satisfactory
response, thought I should try here!

We have site-to-site mesh IPsec tunnels that terminate on different PIXes. A
requirement for clients using these tunnels is to monitor the downtime on a
particular tunnel - using a trap sent to a remote syslog server, I am able
to filter the SNMP trap, and send an email alert.
However, is there any way to go one step further and keep a record (track)
of when the tunnel goes down and keep this data? On routers we usually use
IP SLAs with source IP specified and this seems to work very well.

On PIX/ASA however when I do a 'source' internal ipIcmpEcho (as the tunnel
far end is only accessible through a route within itself) - the track
feature fails. Can there be no IP SLA by specifying a source to ping from on
PIX/ASAs as is the case with routers?

Thank you muchly:)

Eshan.

