Cisco ASA: Tunnel Phase-2 incoming dropped packets Health Monitor

Jalasoft.Xian.SmartManagementPacks.CiscoASA.TunnelPhase2IncomingDroppedPackets.1.1 (AggregateMonitor)

This monitor catches Xian events that notifies when the Tunnel Phase-2 incoming dropped packets if has changed its state.

Knowledge Base article:

Summary

Phase-2 Tunnel incoming dropped packets is over threshold.

The number of discarded incoming packets by an IPsec Phase-2 IKE Tunnel is above the maximum threshold configured in Xian Network Manager 2012.

Causes

It may be due to duplicate identifiers.

Resolutions

Check your tunnel definitions, and be sure that for each tunnel you have defined between two given routers, there is a unique identifier.

Additional

Monitors the total number of packets dropped by an IPsec Phase-2 IKE Tunnel during received processing.

Element properties:

TargetJalasoft.Xian.Common.Elements.ThirdParty.Cisco.JsXCiscoASATunnelsPhase2Element
Parent MonitorSystem.Health.PerformanceState
AlgorithmWorstOf
CategoryStateCollection
EnabledTrue
Alert GenerateTrue
Alert SeverityMatchMonitorHealth
Alert PriorityLow
Alert Auto ResolveTrue
RemotableTrue
AccessibilityPublic
Alert Message
Tunnel Phase-2 incoming dropped packets Alert
{0}

Source Code:

<AggregateMonitor ID="Jalasoft.Xian.SmartManagementPacks.CiscoASA.TunnelPhase2IncomingDroppedPackets.1.1" Accessibility="Public" Enabled="true" Target="ThirdParty_Cisco!Jalasoft.Xian.Common.Elements.ThirdParty.Cisco.JsXCiscoASATunnelsPhase2Element" ParentMonitorID="SystemHealth!System.Health.PerformanceState" Remotable="true" Priority="Normal">
<Category>StateCollection</Category>
<AlertSettings AlertMessage="TunnelPhase2IncomingDroppedPackets_AlertMessage">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Low</AlertPriority>
<AlertSeverity>MatchMonitorHealth</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Data/Context/Params/Param[3]$</AlertParameter1>
</AlertParameters>
</AlertSettings>
<Algorithm>WorstOf</Algorithm>
</AggregateMonitor>