The IP Manager discovers IPSec tunnels and Internet Key Exchange (IKE) tunnels between IPSec-enabled routers on IPv4 networks. It uses Router, Interface, and IP object types to model the tunnels.
During a full discovery, the IP Manager discovers the terminating subinterfaces (WAN endpoints) of IPSec tunnels and IKE tunnels, and layers the subinterfaces over the underlying physical interfaces. The IP Manager creates the network connections between the local and remote subinterfaces to form the IPSec and IKE tunnels.
The IP Availability Manager monitors the tunnels by monitoring the IsDownOrFlapping attribute of the WAN Interface objects that are associated with the tunnels. When the IP Availability Manager detects a change in the IsDownOrFlapping attribute of a WAN interface that is associated with a tunnel, it places the host router on the short discovery queue for a short discovery, to update the dynamic indices of the interfaces on the host router.
The parameters in Parameters for IPSec tunnel discovery and short discovery enable and control IPSec tunnel discovery and short discovery.
Parameter name |
Allowed values |
Description |
---|---|---|
EnableIPSecDiscovery |
TRUE,FALSE Default: FALSE Enables or disables the discovery of IPSec tunnels. |
Belongs to tpmgr-param.conf file and is described in “Description of tpmgr-param.conf” on page 40. |
ShortDiscoveryInstrPattern |
Card_Fault_CiscoONSCPU or Card_Fault_CiscoEntityFRU Instrumentation class pattern to be included in short discovery. |
Belongs to tpmgr-param.conf file and is described in “Other interface-limiting parameter types in the tpmgr-param.conf file” on page 126. |
autoReprobe_short |
TRUE,FALSE Default: FALSE Enables or disables short discovery. |
Belongs to discovery.conf file and is described in “Description of discovery.conf” on page 33. |
reprobePeriod_short |
Integer Default: 900 seconds (15 minutes) Interval between successive short discoveries. |
|
numberShortProbeThreads |
Integer Default: 7 threads Number of discovery threads that are used by the short discovery process. |
By default, neither IPSec tunnel discovery nor short discovery is enabled.
Also, by default, WAN analysis is enabled, as explained in “Controlling the analysis of wide area networks” on page 34. IPSec tunnel analysis requires that WAN analysis be disabled.