Question regarding A/S Failover on ASA 8.2

Answered Question
Dec 16th, 2009

Hi All,

I have two ASAs 5510 working fine in Failover. One is Active and the other Standby. If I force a failover with the command ''no failover active'' for example, then the secondary ASA takes over statefully. It works great. The only problem that I have is the following:

I am using one physical interface E0/0 as the outside interface, and three subinterfaces on the physical E0/1 inside interface. The three subinterfaces are not being monitored by failover (they show as normal not monitored as the result of the ''show fail'' command).

The ''show monitor-interface'' shows only the outside and inside interface being monitored by failover. In otherwords, the three subinterfaces are not being monitored. What I'm I missing?

Everything works fine, except the failover is not going to be triggered by any of the subinterfaces. How do I fix it?

Thank you All!

Federico.

I have this problem too.
0 votes
Correct Answer by Parminder Sian about 6 years 11 months ago

Hey Federico,

By default, monitoring of physical interfaces is enabled and monitoring of subinterfaces is disabled.You can control which interfaces affect your failover policy by disabling the monitoring of specific interfaces and enabling the monitoring of others. This lets you exclude interfaces attached to less critical networks from affecting your failover policy.

For units in multiple configuration mode, use the following commands to enable or disable health monitoring for specific interfaces:

To disable health monitoring for an interface, enter the following command within a context:

hostname/context(config)# no monitor-interface if_name

To enable health monitoring for an interface, enter the following command within a context:

hostname/context(config)# monitor-interface if_name

For units in single configuration mode as in your case, use the following commands to enable or disable health monitoring for specific interfaces:

To disable health monitoring for an interface, enter the following command in global configuration mode:

hostname(config)# no monitor-interface if_name

To enable health monitoring for an interface, enter the following command in global configuration mode:

hostname(config)# monitor-interface if_name


Hope this helps.

Regards,

Parminder Sian

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Parminder Sian Wed, 12/16/2009 - 22:17

Hey Federico,

By default, monitoring of physical interfaces is enabled and monitoring of subinterfaces is disabled.You can control which interfaces affect your failover policy by disabling the monitoring of specific interfaces and enabling the monitoring of others. This lets you exclude interfaces attached to less critical networks from affecting your failover policy.

For units in multiple configuration mode, use the following commands to enable or disable health monitoring for specific interfaces:

To disable health monitoring for an interface, enter the following command within a context:

hostname/context(config)# no monitor-interface if_name

To enable health monitoring for an interface, enter the following command within a context:

hostname/context(config)# monitor-interface if_name

For units in single configuration mode as in your case, use the following commands to enable or disable health monitoring for specific interfaces:

To disable health monitoring for an interface, enter the following command in global configuration mode:

hostname(config)# no monitor-interface if_name

To enable health monitoring for an interface, enter the following command in global configuration mode:

hostname(config)# monitor-interface if_name


Hope this helps.

Regards,

Parminder Sian

Actions

This Discussion