"no monitor-interface" from CSManager to ASA 5505 causes deployment failure

Answered Question
Oct 9th, 2009

All,

I recently imported an ASA 5505 (code 8.2(1)) into Cisco Security Manager 3.3.0. When I try to deploy the config back, even if I make no changes, I get the following error(s) reported in the transcript:

Line# 2. (ERROR) Sent (Fri Oct 09 11:32:48 EDT 2009): no monitor-interface inside

Received (Fri Oct 09 11:32:48 EDT 2009): ERROR: Command requires failover license

Line# 3. (ERROR) Sent (Fri Oct 09 11:32:48 EDT 2009): no monitor-interface outside

Received (Fri Oct 09 11:32:48 EDT 2009): ERROR: Command requires failover license

I do understand why the command is failing; that's not the problem. The problem is that CSManager is sending this irrelevant and problematic command. I can't find a way to tell CSManager to not do this. (FlexConfig, for example, just lets you add more commands before or after the main config. You cannot tell it to *not* config something.)

I've been unable to find any mention of this on Cisco.com or in NetPro. Can anyone give me some advice?

Thanks,

Christopher Ursich

I have this problem too.
0 votes
Correct Answer by Herbert Baerten about 7 years 1 month ago

CSCta83590 CSM 3.3 'no monitor-interface' ASA base license deployment failure

The fix will *probably* be in SP1, but you should already be able to get a patch from TAC now.

Correct Answer by jan.nielsen about 7 years 1 month ago

You are hitting a bug in csm 3.3, it's in the bug toolkit. I think there is a workaround, where you either enable monitor interfaces in the failover policy, to make csm not deploy those commands, as it thinks they are default enabled.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
Correct Answer
jan.nielsen Sat, 10/10/2009 - 03:54

You are hitting a bug in csm 3.3, it's in the bug toolkit. I think there is a workaround, where you either enable monitor interfaces in the failover policy, to make csm not deploy those commands, as it thinks they are default enabled.

Correct Answer
Herbert Baerten Mon, 10/12/2009 - 04:05

CSCta83590 CSM 3.3 'no monitor-interface' ASA base license deployment failure

The fix will *probably* be in SP1, but you should already be able to get a patch from TAC now.

Actions

This Discussion