Smarts IP: How are IPsec and IKE Tunnels created and monitored in Smarts IP for Cisco devices?
book
Article ID: 327696
calendar_today
Updated On:
Products
VMware Smart Assurance
Environment
VMware Smart Assurance - SMARTS
Resolution
How are IPsec and IKE Tunnels created and monitored in Smarts IP for Cisco devices?
IPsec and IKE Tunnels are created and monitored in Smarts IP for Cisco devices as follows:
IPSec or IKE Tunnel interfaces are not created from the ifTable, but are instead created from the Vendor Specific MIB.
For Cisco devices, IPSec or IKE Tunnel interfaces are created using cipSecTunnelEntry MIB (1.3.6.1.4.1.9.9.171.1.3.2.1). Smarts get the local and remote addresses from the MIB and the tunnel interface is created with that.
AdminStatus is hardcoded as UP while OperStatus is obtained from cipSecTunStatus OID (1.3.6.1.4.1.9.9.171.1.3.2.1.51).
Additional Information
It is possible to suppress the discovery of IPSec / IKE tunnels by making "EnableIPSecDiscovery FALSE" in tpmgr-param.conf