RE: GETVPN Monitoring from Tyson Scott on 2010-05-12 (Ccielab archives 05/2010)

From: Tyson Scott <tscott_at_ipexpert.com>
Date: Wed, 12 May 2010 12:27:56 -0400

What do you mean as far as monitoring. From a management station? Are you
looking to verify that it is functioning or that they are registered to the
KS. It would be probably good to start to see what MIB's are available for
this.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Technical Instructor - IPexpert, Inc.
Mailto: tscott_at_ipexpert.com
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
CCIE (R&S, Voice, Security & Service Provider) certification(s) with
training locations throughout the United States, Europe, South Asia and
Australia. Be sure to visit our online communities at
www.ipexpert.com/communities and our public website at www.ipexpert.com

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Sadiq Yakasai
Sent: Wednesday, May 12, 2010 12:22 PM
To: Mahmoud Eldeeb
Cc: Cisco certification; Cisco certification
Subject: Re: GETVPN Monitoring

Hi Mahmoud,

On the endpoints, you could just run: show crypto ipsec sa | i peer|pkts

On transit devices, I guess you could just do:
ip access-list ext MONITOR_ESP/AH
    permit esp any any log
    permit ah any any log
    permit ip any any

Ofcourse, this is subject to "ip access-list log-update" configuration.

Note: there could be imposed loading on the CPU of the device due to console
logging, so proceed with caution there.

Sadiq

On Wed, May 12, 2010 at 5:06 PM, Mahmoud Eldeeb
<eng.futurama_at_gmail.com>wrote:

> Dear All
>
> How shall I monitor the encryption which is configured of around 15
> routers
> (dmvpn)
>
> --
> Best Regards,
> Mahmoud Eldeeb
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
CCIE #19963
Blogs and organic groups at http://www.ccie.net

Received on Wed May 12 2010 - 12:27:56 ART

This archive was generated by hypermail 2.2.0 : Tue Jun 01 2010 - 07:09:52 ART