Cisco IPSec Aggregate Tunnels- False Alerts?

Question

Hi,We have a new deployment of Logic Monitor and we are seeing what I believe to be false alerts on our Cisco IPSec Aggregate Tunnels for a Cisco router.The Alert only shows for some Tunnels and not others.The Tunnels with the Critical Alert are value=2 and Threshold is 1 1 1&nbsp;Alert Message:&nbsp;LMD6833854 critical - Router_Name Cisco IPSec Aggregate Tunnels-Tunnel x.x.x.x -&gt; x.x.x.x TunnelStatusID: LMD6833854 Cisco IPSec Tunnel x.x.x.x -&gt; x.x.x.x on Router_Name seems to have dropped or restarted, placing the tunnel into critical state. This started at 2024-04-05 09:08:39 EDT, -- or 0h 41m ago.But if we look at the raw data on that Tunnel, there are no InDropPkts or OutDropPkts and there is throughput.Any thoughts on why these Critical Alerts are showing up when there seems to be no issue with the router or the specific Tunnel?Thanks&nbsp;

stuart_weenig · Answer

Sounds like a case where the Monitoring Engineering team should weigh in on what the data means and why it's returning that value.

stuart_weenig · Answer

Looking at InDropPkts and OutDropPkts is comparing apples to oranges. The message is about the tunnel being dropped, not packets dropped within the tunnel.

wmarandu · Answer

well, from what I can see the tunnel is not dropping. I can't find anywhere in the display where it says the tunnel is being dropped. There are statistics for TunnelActiveTime under RAW Data and there are values even when the TunnelAlive is status is 3.

Forum Discussion

Cisco IPSec Aggregate Tunnels- False Alerts?

3 Replies

Related Content

Tunnel interface monitoring in LoigicMonitor

VPN Tunnel Monitoring

95th Percentile Billing - Aggregate Interfaces

SonicWall VPN Tunnel Monitoring

Checkpoint IPsec Tunnel Monitoring.

Recent Discussions

Which PropertySource tags categories with "snmp"?

ESX Host Services?

Issues with Set-LMWebsiteGroup

What not to do when developing code

REST API 503 errors