This document describes how to configure the E-mail Alert feature on the VPN 3000 Series Concentrators. The E-mail Alert feature is available in both 2.x and 3.x releases. However, the 3.x release and later is preferred.
Before you attempt this configuration, ensure that you meet these requirements:
Your Simple Mail Transfer Protocol (SMTP) server is set up correctly, and you are able to use it for your normal E-mails.
An account is set up on the SMTP server to receive the E-mail alerts.
If your E-mail server is towards the public interface, make sure that you allow SMTP packets to pass through the public filter.
The information in this document is based on these software and hardware versions:
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
This document uses this network setup:
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
This list shows public and private IP addresses for the VPN 3000 Concentrators:
Private Interface: 184.108.40.206
Subnet Mask: 255.255.0.0
Public Interface: 172.18.124.133
Subnet Mask: 255.255.255.0
IP Address: 220.127.116.11
IP Address: 18.104.22.168
Make sure that the IP addresses are configured on the public and private interfaces and that you are able to get to the SMTP server from your VPN 3000 Concentrator.
Configure a system name for your VPN Concentrator. Select Configuration > System > General > Identification. The system name is used in the subject on the E-mail alerts. Once done, click Apply.
To set up E-mail alerts, select Configuration > System > Events > General, and fill out the E-mail Source Address and Severity level for Events to E-mail options.
Enter the address to put in the "From" field of an E-mailed event message. Configure this field if you configure any severity to E-mail events. If you leave it blank, the "From" field has the same address as the "To" field (the recipient's E-mail address). In this example, "vpn3000_133" is used as the source E-mail address.
Click the drop-down menu button and select the range of event severity levels to E-mail to recipients by default. The choices are None, 1, 1-2, and 1-3. The default is None, which means that no events are sent through E-mail.
If you select any severity levels to E-mail, you must also configure an SMTP server by selecting Configuration > System > Events > SMTP Servers. Then configure the E-mail recipients by selecting Configuration > System > Events > Email Recipients. Once you are done, click Apply.
Note: The Events to E-mail option under General applies to all classes. This means all classes with a severity set to 1-3 are sent out as E-mail alerts. If you want to configure using class-based E-mail alerts, see the Class-Based E-mail Alerts section of this document.
To configure the SMTP server, select Configuration > System > Events > SMTP Servers, and click Add.
Enter the IP address or hostname of the SMTP server. If you have configured a DNS server, you can enter a hostname. Otherwise, enter an IP address. In this example, the SMTP server's IP address is 22.214.171.124. Once you are done, click Add.
This section of the manager allows you to configure E-mail recipients of event messages. You can configure a maximum of five E-mail recipients. You can also customize the event message severity levels for each recipient.
If you configure any event handling, default or special, with values in the Severity to E-mail fields, you must name at least one E-mail recipient to receive the event messages. Also, you must identify at least one SMTP server to handle the outgoing E-mail.
Enter the recipient's complete E-mail address, such as firstname.lastname@example.org.
Click the drop-down menu button and select the range of event severity levels to send to the recipient through E-mail. The choices are None, 1, 1-2, and 1-3. The default is 1-3. This means the configured events of severity level 1 through severity level 3 are sent to the recipient.
You can specify which severity events you want forwarded. In this example, email@example.com has specified severity events 1, 2, and 3. However, if an administrator has specific severity events, then they can specify otherwise. The settings are user dependent.
If you want to configure only a few classes to send the E-mail alerts, then select Configuration > System > Events > Classes > Add. Click the drop-down menu button and select the event class you want to add. In this example, "HTTP" was added as the class.
Click the drop-down menu button and select the range of event severity levels to send to recipients through E-mail. Once you are done, click Add.
To make sure that the E-mail alerts work, try to log into the VPN 3000 Concentrator's graphical user interface (GUI) manager using an unknown user ID. For the purposes of this example, "admin" is used as the incorrect username and "12345" is used as the incorrect password. Then, on the VPN Concentrator, select Monitoring > Filterable Event Log. You see that the VPN Concentrator receives an AUTH/30 log with a severity set to 5 and an HTTP/7 log with a severity set to 3. The E-mail Alert feature only sends alerts for anything less than a severity level of 3.
On the receiver side, the E-mail looks similar to this example:
If you have specified the DNS name for the mail server, make sure that your VPN 3000 Concentrator is able to resolve the DNS name with an IP address. To add DNS server IP addresses, select Configuration > System > Servers > DNS and add the IP addresses and other related parameters.
If you are not able to receive E-mails, make sure that the VPN Concentrator has connectivity to the SMTP server.