ICMP Ping and log batch file version 2 for Win 7

12/10/2012

Having seen some issues with my batch file on a Windows 7 machine, I’ve looked at tweaking it to run but show only the Minimum, Maximum and Average response time over 300 seconds (5 minutes) and then to time stamp with time+date and then loop.

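:TOP
rem 300 pings (about 5 minutes); keep only the Minimum/Maximum/Average summary line, then append a time and date stamp
ping 1.1.1.1 -n 300 | findstr "Average" >> c:\ping.log & echo %time% %date% >> c:\ping.log
GOTO TOP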


IPSEC VPN LAN-2-LAN Debug “remote peer not responding”

09/10/2012

Debugging LAN-2-LAN VPNs is a whole kettle of fish in its own right. The example log below shows what is visible if the remote peer does not respond to the request. In this scenario the central appliance is a Cisco ASA version 8.4(3) acting as a VPN headend point of presence. The key identifier of the issue below is:

MM_DONE, EV_ERROR-->MM_WAIT_MSG2, EV_RETRY-->MM_WAIT_MSG2, EV_TIMEOUT-->MM_WAIT_MSG2, NullEvent-->MM_SND_MSG1, EV_SND_MSG-->MM_SND_MSG1, EV_START_TMR-->MM_SND_MSG1, EV_RESEND_MSG-->MM_WAIT_MSG2, EV_RETRY

Note the EV_ERROR, and the EV_TIMEOUT and EV_RETRY events recorded against MM_WAIT_MSG2: the ASA sent its first main mode message and never received the second.

Oct 09 20:11:49 [IKEv1]IP = 1.1.1.1, IKE Initiator: New Phase 1, Intf inside, IKE Peer 1.1.1.1  local Proxy Address 192.168.3.0, remote Proxy Address 10.0.0.0,  Crypto map (outside_map)

Oct 09 20:11:49 [IKEv1 DEBUG]IP = 1.1.1.1, constructing ISAKMP SA payload

Oct 09 20:11:49 [IKEv1 DEBUG]IP = 1.1.1.1, constructing NAT-Traversal VID ver 02 payload

Oct 09 20:11:49 [IKEv1 DEBUG]IP = 1.1.1.1, constructing NAT-Traversal VID ver 03 payload

Oct 09 20:11:49 [IKEv1 DEBUG]IP = 1.1.1.1, constructing NAT-Traversal VID ver RFC payload

Oct 09 20:11:49 [IKEv1 DEBUG]IP = 1.1.1.1, constructing Fragmentation VID + extended capabilities payload

Oct 09 20:11:49 [IKEv1]IP = 1.1.1.1, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 364

SENDING PACKET to 1.1.1.1

Oct 09 20:11:50 [IKEv1]IP = 1.1.1.1, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.

Oct 09 20:11:57 [IKEv1]IP = 1.1.1.1, IKE_DECODE RESENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 364

Oct 09 20:12:05 [IKEv1]IP = 1.1.1.1, IKE_DECODE RESENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 364

Oct 09 20:12:13 [IKEv1]IP = 1.1.1.1, IKE_DECODE RESENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 364

Oct 09 20:12:21 [IKEv1 DEBUG]IP = 1.1.1.1, IKE MM Initiator FSM error history (struct &0x242554a8)  <state>, <event>:  MM_DONE, EV_ERROR-->MM_WAIT_MSG2, EV_RETRY-->MM_WAIT_MSG2, EV_TIMEOUT-->MM_WAIT_MSG2, NullEvent-->MM_SND_MSG1, EV_SND_MSG-->MM_SND_MSG1, EV_START_TMR-->MM_SND_MSG1, EV_RESEND_MSG-->MM_WAIT_MSG2, EV_RETRY

Oct 09 20:12:21 [IKEv1 DEBUG]IP = 1.1.1.1, IKE SA MM:5bce5987 terminating:  flags 0x01000022, refcnt 0, tuncnt 0

Oct 09 20:12:21 [IKEv1 DEBUG]IP = 1.1.1.1, sending delete/delete with reason message

To verify that the requests were leaving the ASA and that nothing was returning, a packet capture was run on the ASA. It showed the outbound requests with nothing coming back in.
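The signature described above can be picked out of a debug capture automatically. The following is an added example, not part of the original post: it flags a peer when message 1 is resent with no reply and the FSM history records a timeout in MM_WAIT_MSG2. The log lines are constructed (documentation addresses), and the function names and the `min_resends` threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample modelled on the ASA IKEv1 debug output above.
# 192.0.2.1 never answers; 198.51.100.7 replies to message 1.
SAMPLE_LOG = """\
Oct 09 20:11:49 [IKEv1]IP = 192.0.2.1, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + NONE (0) total length : 364
Oct 09 20:11:57 [IKEv1]IP = 192.0.2.1, IKE_DECODE RESENDING Message (msgid=0) with payloads : HDR + SA (1) + NONE (0) total length : 364
Oct 09 20:12:05 [IKEv1]IP = 192.0.2.1, IKE_DECODE RESENDING Message (msgid=0) with payloads : HDR + SA (1) + NONE (0) total length : 364
Oct 09 20:12:06 [IKEv1]IP = 198.51.100.7, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + NONE (0) total length : 364
Oct 09 20:12:06 [IKEv1]IP = 198.51.100.7, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + NONE (0) total length : 132
Oct 09 20:12:21 [IKEv1 DEBUG]IP = 192.0.2.1, IKE MM Initiator FSM error history (struct &0x242554a8)  <state>, <event>:  MM_DONE, EV_ERROR-->MM_WAIT_MSG2, EV_RETRY-->MM_WAIT_MSG2, EV_TIMEOUT-->MM_WAIT_MSG2, NullEvent-->MM_SND_MSG1, EV_SND_MSG-->MM_SND_MSG1, EV_START_TMR-->MM_SND_MSG1, EV_RESEND_MSG-->MM_WAIT_MSG2, EV_RETRY
"""

LINE = re.compile(r"\[IKEv1(?: DEBUG)?\]IP = (?P<peer>[\d.]+), (?P<msg>.*)")
ARROW = re.compile(r"\s*(?:-->|\u2013>)\s*")  # also accept the en-dash arrow left by web formatting

def parse_fsm_history(msg):
    """Return [(state, event), ...] in logged order, or [] for any other message."""
    _, sep, tail = msg.partition("<state>, <event>:")
    if not sep:
        return []
    hops = [hop.partition(",") for hop in ARROW.split(tail.strip())]
    return [(state.strip(), event.strip()) for state, _, event in hops]

def peers_not_responding(log, min_resends=2):
    """Map each peer that logged an FSM error history to True if it never replied."""
    resends, replied, verdicts = Counter(), set(), {}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        peer, msg = m["peer"], m["msg"]
        if "RESENDING Message (msgid=0)" in msg:
            resends[peer] += 1
        elif "IKE_DECODE RECEIVED" in msg:
            replied.add(peer)
        history = parse_fsm_history(msg)
        if history:
            stuck = ("MM_WAIT_MSG2", "EV_TIMEOUT") in history
            verdicts[peer] = stuck and resends[peer] >= min_resends and peer not in replied
    return verdicts
```

A peer flagged here warrants the same follow-up as in the post: capture on the ASA and confirm the requests leave with nothing returning.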


IP SLA Monitor web proxy full config

03/10/2012

Get an explanation here: http://wp.me/p223az-4k

!
ip sla monitor 101
type http operation get url http://www.cisco.com/ name-server 10.10.10.53 cache disable proxy http://10.10.10.10:8181/
freq 60
timeout 1000
threshold 3000
tag IWSVA-50
ip sla monitor schedule 101 life forever start-time now
!
ip sla monitor 201
type http operation get url http://www.cisco.com/ name-server 10.10.10.53 cache disable proxy http://10.10.10.11:8181/
freq 60
timeout 1000
threshold 3000
tag IWSVA-51
ip sla monitor schedule 201 life forever start-time now
!
ip sla monitor 102
type http operation get url http://www.hp.com/ name-server 10.10.10.53 cache disable proxy http://10.10.10.10:8181/
freq 60
timeout 1000
threshold 3000
tag IWSVA-50
ip sla monitor schedule 102 life forever start-time now
!
ip sla monitor 202
type http operation get url http://www.hp.com/ name-server 10.10.10.53 cache disable proxy http://10.10.10.11:8181/
freq 60
timeout 1000
threshold 3000
tag IWSVA-51
ip sla monitor schedule 202 life forever start-time now
!
ip sla monitor 103
type http operation get url http://www.facebook.com/ name-server 10.10.10.53 cache disable proxy http://10.10.10.10:8181/
freq 60
timeout 5000
threshold 10000
tag IWSVA-50
ip sla monitor schedule 103 life forever start-time now
!
ip sla monitor 203
type http operation get url http://www.facebook.com/ name-server 10.10.10.53 cache disable proxy http://10.10.10.11:8181/
freq 60
timeout 5000
threshold 10000
tag IWSVA-51
ip sla monitor schedule 203 life forever start-time now
!
!
track 101 rtr 101 state
delay down 5
!
track 102 rtr 102 state
delay down 5
!
track 103 rtr 103 state
delay down 5
!
track 201 rtr 201 state
delay down 5
!
track 202 rtr 202 state
delay down 5
!
track 203 rtr 203 state
delay down 5
!
event manager environment _email_server 25.25.25.25
event manager environment _email_to noc@lab.local
event manager environment _email_from router@ip-sla.local
!
!
event manager applet PROXY_101_LATENCY_ALERT
event syslog pattern "%TRACKING-5-STATE: 101 rtr 101 state Up->Down"
action 1.0 syslog msg "SLOW PROXY SERVICE"
action 1.1 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "Latency Alert" body "Web Proxy 10.10.10.10 CISCO Latency Alert"
!
event manager applet PROXY_102_LATENCY_ALERT
event syslog pattern "%TRACKING-5-STATE: 102 rtr 102 state Up->Down"
action 1.0 syslog msg "SLOW PROXY SERVICE"
action 1.1 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "Latency Alert" body "Web Proxy 10.10.10.10 HP Latency Alert"
!
event manager applet PROXY_103_LATENCY_ALERT
event syslog pattern "%TRACKING-5-STATE: 103 rtr 103 state Up->Down"
action 1.0 syslog msg "SLOW PROXY SERVICE"
action 1.1 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "Latency Alert" body "Web Proxy 10.10.10.10 FACEBOOK Latency Alert"
!
event manager applet PROXY_201_LATENCY_ALERT
event syslog pattern "%TRACKING-5-STATE: 201 rtr 201 state Up->Down"
action 1.0 syslog msg "SLOW PROXY SERVICE"
action 1.1 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "Latency Alert" body "Web Proxy 10.10.10.11 CISCO Latency Alert"
!
event manager applet PROXY_202_LATENCY_ALERT
event syslog pattern "%TRACKING-5-STATE: 202 rtr 202 state Up->Down"
action 1.0 syslog msg "SLOW PROXY SERVICE"
action 1.1 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "Latency Alert" body "Web Proxy 10.10.10.11 HP Latency Alert"
!
event manager applet PROXY_203_LATENCY_ALERT
event syslog pattern "%TRACKING-5-STATE: 203 rtr 203 state Up->Down"
action 1.0 syslog msg "SLOW PROXY SERVICE"
action 1.1 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "Latency Alert" body "Web Proxy 10.10.10.11 FACEBOOK Latency Alert"
!
!
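With this many near-identical blocks, a copy-paste slip leaves a proxy unmonitored without any error from the router. The following consistency check is an added example, not part of the original post: it cross-references monitors, schedules, track objects and alert applets. The sample config is constructed with two deliberate mistakes, and the function name `lint` is an assumption.

```python
import re
# Constructed sample in the page's syntax. Two deliberate mistakes: monitor 201
# is never scheduled (102 is scheduled instead) and its alert names another proxy.
SAMPLE_CONFIG = """\
ip sla monitor 101
type http operation get url http://www.cisco.com/ name-server 10.10.10.53 cache disable proxy http://10.10.10.10:8181/
ip sla monitor schedule 101 life forever start-time now
ip sla monitor 201
type http operation get url http://www.cisco.com/ name-server 10.10.10.53 cache disable proxy http://10.10.10.10:8181/
ip sla monitor schedule 102 life forever start-time now
track 101 rtr 101 state
track 201 rtr 201 state
event manager applet PROXY_101_LATENCY_ALERT
event syslog pattern "%TRACKING-5-STATE: 101 rtr 101 state Up->Down"
action 1.1 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "Latency Alert" body "Web Proxy 10.10.10.10 CISCO Latency Alert"
event manager applet PROXY_201_LATENCY_ALERT
event syslog pattern "%TRACKING-5-STATE: 201 rtr 201 state Up->Down"
action 1.1 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "Latency Alert" body "Web Proxy 10.10.10.11 CISCO Latency Alert"
"""

def lint(config):
    """Return sorted (sla_id, problem) findings for an 'ip sla monitor' config."""
    proxy, scheduled, tracked, alerts = {}, set(), set(), {}
    sla = watched = None
    for line in config.splitlines():
        line = line.strip().replace("\u201c", '"').replace("\u201d", '"')  # undo curled quotes
        if m := re.fullmatch(r"ip sla monitor (\d+)", line):
            sla = m[1]
            proxy[sla] = None
        elif m := re.match(r"ip sla monitor schedule (\d+)", line):
            scheduled.add(m[1])
        elif m := re.match(r"type http .* proxy http://([\d.]+)", line):
            proxy[sla] = m[1]
        elif m := re.match(r"track (\d+) rtr (\d+) state", line):
            tracked.add((m[1], m[2]))
        elif m := re.search(r"%TRACKING-5-STATE: (\d+) rtr (\d+) state", line):
            watched = (m[1], m[2])
        elif m := re.search(r'body "Web Proxy ([\d.]+)', line):
            alerts[watched] = m[1]
    # An alert only counts if its syslog pattern matches a configured track object.
    alert_ip = {s: ip for (t, s), ip in alerts.items() if (t, s) in tracked}
    findings = [(s, "schedule for undefined monitor") for s in scheduled - proxy.keys()]
    for s, ip in proxy.items():
        if s not in scheduled:
            findings.append((s, "never scheduled"))
        if s not in alert_ip:
            findings.append((s, "no alert applet"))
        elif alert_ip[s] != ip:
            findings.append((s, f"probes {ip} but alert names {alert_ip[s]}"))
    return sorted(findings)
```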


IP SLA monitor response from a local web proxy and dns with email alert

03/10/2012

The following example was used to verify the performance of one or more rather flaky web proxies. The solution ran on an 1861 router, with multiple versions testing 6 websites across two proxy servers. If a proxy slows down, the router sends out an alert email identifying that it's running slow on that request. Get a full example here: http://wp.me/p223az-4m or read below for a breakdown:

!
!
!# CREATE THE SLA ID #

ip sla monitor 100

!# IDENTIFY THE TYPE OF SLA AND WHAT TO REQUEST EG: HTTP USING A LOCAL DNS AND PROXY WITHOUT WEB CACHING THE CONTENT

type http operation get url http://www.cisco.com/ name-server <DNS-SERVER-IP> cache disable proxy http://<PROXY-IP>:<PORT>/

!# HOW OFTEN TO CARRY OUT THE SERVICE LEVEL CHECK #

freq 60

!# THE TIME AN SLA WAITS FOR A RESPONSE FROM ITS REQUEST IN MILLISECONDS #

timeout 1000

!# THE UPPER LEVEL THRESHOLD FOR THE USE OF NETWORK MONITORING #

threshold 3000

!# USER DEFINED IDENTIFIER THAT CAN BE USED IN CONJUNCTION WITH SNMP OR OTHER TOOLS #

tag IWSVA-50

!# START THE MONITOR RUNNING #

ip sla monitor schedule 100 life forever start-time now
!
!
!# USE A TRACK TO MONITOR AND SET A LOG MESSAGE #

track 100 rtr 100 state

!# DELAY BEFORE CREATING THE ALERT IN SECONDS#

delay down 5
!
!
!# DEFINE THE EMAIL SERVER, SENDER AND RE

event manager environment _email_server <MAIL-SERVER-IP>
event manager environment _email_to noc@test.net
event manager environment _email_from router@ip-sla.local
!
!
!# CREATE EEM SCRIPT TO CARRY OUT FUNCTION, DEFINE SCRIPT ID #

event manager applet PROXY_100_LATENCY_ALERT

!# DEFINE PARAMETERS TO ACT UPON IF THE TRACK FAILS #

event syslog pattern "%TRACKING-5-STATE: 100 rtr 100 state Up->Down"

!# SET ACTION UPON FAILURE TO WRITE TO LOG #

action 1.0 syslog msg "SLOW PROXY SERVICE"

!# SET ACTION UPON LOG ALERT TO SEND EMAIL WITH CONTENT AND SUBJECT #

action 1.1 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "Latency Alert" body "Web Proxy CISCO Latency Alert"
!
!

Tweak accordingly.