cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1857
Views
0
Helpful
4
Replies

"no monitor-interface" from CSManager to ASA 5505 causes deployment failure

All,

I recently imported an ASA 5505 (code 8.2(1)) into Cisco Security Manager 3.3.0. When I try to deploy the config back, even if I make no changes, I get the following error(s) reported in the transcript:

Line# 2. (ERROR) Sent (Fri Oct 09 11:32:48 EDT 2009): no monitor-interface inside

Received (Fri Oct 09 11:32:48 EDT 2009): ERROR: Command requires failover license

Line# 3. (ERROR) Sent (Fri Oct 09 11:32:48 EDT 2009): no monitor-interface outside

Received (Fri Oct 09 11:32:48 EDT 2009): ERROR: Command requires failover license

I do understand why the command is failing; that's not the problem. The problem is that CSManager is sending this irrelevant and problematic command. I can't find a way to tell CSManager to not do this. (FlexConfig, for example, just lets you add more commands before or after the main config. You cannot tell it to *not* config something.)

I've been unable to find any mention of this on Cisco.com or in NetPro. Can anyone give me some advice?

Thanks,

Christopher Ursich

2 Accepted Solutions

Accepted Solutions

jan.nielsen
Level 7
Level 7

You are hitting a bug in csm 3.3, it's in the bug toolkit. I think there is a workaround, where you either enable monitor interfaces in the failover policy, to make csm not deploy those commands, as it thinks they are default enabled.

View solution in original post

CSCta83590 CSM 3.3 'no monitor-interface' ASA base license deployment failure

The fix will *probably* be in SP1, but you should already be able to get a patch from TAC now.

View solution in original post

4 Replies 4

jan.nielsen
Level 7
Level 7

You are hitting a bug in csm 3.3, it's in the bug toolkit. I think there is a workaround, where you either enable monitor interfaces in the failover policy, to make csm not deploy those commands, as it thinks they are default enabled.

CSCta83590 CSM 3.3 'no monitor-interface' ASA base license deployment failure

The fix will *probably* be in SP1, but you should already be able to get a patch from TAC now.

Thanks to both respondents. Next time I will think to check the bug list too.

testing (please ignore)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: