Forum Discussion

wmarandu's avatar
wmarandu
Icon for Neophyte rankNeophyte
8 months ago

Cisco IPSec Aggregate Tunnels- False Alerts?

Hi,

We have a new deployment of Logic Monitor and we are seeing what I believe to be false alerts on our Cisco IPSec Aggregate Tunnels for a Cisco router.

The Alert only shows for some Tunnels and not others.

The Tunnels with the Critical Alert are value=2 and Threshold is 1 1 1 

Alert Message:

 

LMD6833854 critical - Router_Name Cisco IPSec Aggregate Tunnels-Tunnel x.x.x.x -> x.x.x.x TunnelStatus

ID: LMD6833854 Cisco IPSec Tunnel x.x.x.x -> x.x.x.x on Router_Name seems to have dropped or restarted, placing the tunnel into critical state. This started at 2024-04-05 09:08:39 EDT, -- or 0h 41m ago.

But if we look at the raw data on that Tunnel, there are no InDropPkts or OutDropPkts and there is throughput.

Any thoughts on why these Critical Alerts are showing up when there seems to be no issue with the router or the specific Tunnel?

Thanks

 

  • Anonymous's avatar
    Anonymous
    8 months ago

    Looking at InDropPkts and OutDropPkts is comparing apples to oranges. The message is about the tunnel being dropped, not packets dropped within the tunnel.

  • wmarandu's avatar
    wmarandu
    Icon for Neophyte rankNeophyte
    8 months ago

    well, from what I can see the tunnel is not dropping. I can't find anywhere in the display where it says the tunnel is being dropped. There are statistics for TunnelActiveTime under RAW Data and there are values even when the TunnelAlive is status is 3.

    • Anonymous's avatar
      Anonymous
      8 months ago

      Sounds like a case where the Monitoring Engineering team should weigh in on what the data means and why it's returning that value.