"no monitor-interface" from CSManager to ASA 5505 causes deployment failure

Answered Question
Oct 9th, 2009
User Badges:

All,


I recently imported an ASA 5505 (code 8.2(1)) into Cisco Security Manager 3.3.0. When I try to deploy the config back, even if I make no changes, I get the following error(s) reported in the transcript:


Line# 2. (ERROR) Sent (Fri Oct 09 11:32:48 EDT 2009): no monitor-interface inside

Received (Fri Oct 09 11:32:48 EDT 2009): ERROR: Command requires failover license

Line# 3. (ERROR) Sent (Fri Oct 09 11:32:48 EDT 2009): no monitor-interface outside

Received (Fri Oct 09 11:32:48 EDT 2009): ERROR: Command requires failover license


I do understand why the command is failing; that's not the problem. The problem is that CSManager is sending this irrelevant and problematic command. I can't find a way to tell CSManager to not do this. (FlexConfig, for example, just lets you add more commands before or after the main config. You cannot tell it to *not* config something.)


I've been unable to find any mention of this on Cisco.com or in NetPro. Can anyone give me some advice?


Thanks,


Christopher Ursich


Correct Answer by Herbert Baerten about 7 years 6 months ago

CSCta83590 CSM 3.3 'no monitor-interface' ASA base license deployment failure


The fix will *probably* be in SP1, but you should already be able to get a patch from TAC now.

Correct Answer by jan.nielsen about 7 years 6 months ago

You are hitting a bug in csm 3.3, it's in the bug toolkit. I think there is a workaround, where you either enable monitor interfaces in the failover policy, to make csm not deploy those commands, as it thinks they are default enabled.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
Correct Answer
jan.nielsen Sat, 10/10/2009 - 03:54
User Badges:
  • Gold, 750 points or more

You are hitting a bug in csm 3.3, it's in the bug toolkit. I think there is a workaround, where you either enable monitor interfaces in the failover policy, to make csm not deploy those commands, as it thinks they are default enabled.

Correct Answer
Herbert Baerten Mon, 10/12/2009 - 04:05
User Badges:
  • Cisco Employee,

CSCta83590 CSM 3.3 'no monitor-interface' ASA base license deployment failure


The fix will *probably* be in SP1, but you should already be able to get a patch from TAC now.

Actions

This Discussion