ASA5520 keepalive as ip protocol 105 (SCSP)

Endorsed Question
Jun 30th, 2010

We have 2 ASA5520 firewalls set up as Active/Failover running in single router mode.

IOS is version 8.0(4)

Doing a capture we continue to see one firewall talking to the other (as expected), but the communication is via IP Protocol 105 (which appears to be SCPS - link and details below).


Here is the output as seen on the firewall cli

    1: 13:27:51.355923 802.1Q vlan#10 P0 10.4.1.1 > 10.4.1.2:  ip-proto-105, length 44
    2: 13:27:52.311232 802.1Q vlan#10 P0 10.4.1.2 > 10.4.1.1:  ip-proto-105, length 44
    3: 13:27:56.356350 802.1Q vlan#10 P0 10.4.1.1 > 10.4.1.2:  ip-proto-105, length 44
    4: 13:27:57.311278 802.1Q vlan#10 P0 10.4.1.2 > 10.4.1.1:  ip-proto-105, length 44


Are we reading this incorrectly?

Is this a bug that has been reported and fixed in a more recent version?


Here is the google search result and explanation:


http://www.scps.org/

SCPS is a protocol suite designed to allow communication over challenging environments. Originally developed jointly by NASA and DoD’s USSPACECOM to meet their various needs and requirements. These protocols have been found to be applicable in meeting the needs of the satellite and wireless communities.


THANK YOU

Frank

Cisco Endorsed by narkuma2
Overall Rating: 5 (1 ratings)
Kureli Sankar Wed, 06/30/2010 - 11:11

Is this a failover pair?


http://my.safaribooksonline.com/9781587054570/480


The active and standby firewalls determine a failure by sending hello messages to each other at
regular intervals (every 15 seconds by default). These messages are sent over the failover cable
(if present) or the LAN-based failover interface to detect failures of an entire firewall. The hellos are
also sent on all interfaces configured for failover so that the firewall peer can determine the health of
each interface. These messages are sent as short packets using IP protocol 105.



-KS
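
The triage described in this answer, as an added example that is not part of the original thread: it parses the capture lines quoted in the question, keeps only IP protocol 105 packets, reports the interval between hellos from each unit, and lists any protocol 105 packet whose source or destination is not one of the failover peers. The names `parse`, `triage` and `PEERS` are hypothetical, and the peer addresses are assumed from the capture.

```python
import re
from collections import defaultdict
from datetime import datetime

# The four capture lines quoted in the question above.
CAPTURE = """\
1: 13:27:51.355923 802.1Q vlan#10 P0 10.4.1.1 > 10.4.1.2:  ip-proto-105, length 44
2: 13:27:52.311232 802.1Q vlan#10 P0 10.4.1.2 > 10.4.1.1:  ip-proto-105, length 44
3: 13:27:56.356350 802.1Q vlan#10 P0 10.4.1.1 > 10.4.1.2:  ip-proto-105, length 44
4: 13:27:57.311278 802.1Q vlan#10 P0 10.4.1.2 > 10.4.1.1:  ip-proto-105, length 44
"""
FAILOVER_PROTO = 105  # IP protocol number the answer gives for failover hellos
PEERS = {"10.4.1.1", "10.4.1.2"}  # assumption: the pair's addresses on vlan 10

LINE_RE = re.compile(
    r"^\s*\d+:\s+(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?:802\.1Q vlan#\d+ P\d+\s+)?"
    r"(?P<src>\d+(?:\.\d+){3}) > (?P<dst>\d+(?:\.\d+){3}):\s+"
    r"ip-proto-(?P<proto>\d+), length \d+")

def parse(text):
    """Yield (seconds_since_midnight, src, dst, proto) per matching capture line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an "ip-proto-N" line (TCP, UDP, ARP, headers, ...)
        t = datetime.strptime(m["ts"], "%H:%M:%S.%f")
        secs = t.hour * 3600 + t.minute * 60 + t.second + t.microsecond / 1e6
        yield secs, m["src"], m["dst"], int(m["proto"])

def triage(text, peers=PEERS):
    """Return ({sender: [hello intervals in s]}, [(src, dst) not between peers])."""
    last, intervals, unexpected = {}, defaultdict(list), []
    for secs, src, dst, proto in parse(text):
        if proto != FAILOVER_PROTO:
            continue
        if src not in peers or dst not in peers:
            unexpected.append((src, dst))  # protocol 105 from or to a non-peer
            continue
        if src in last:
            intervals[src].append(round(secs - last[src], 3))
        last[src] = secs
    return dict(intervals), unexpected

if __name__ == "__main__":
    print(triage(CAPTURE))
```

Timestamps are treated as seconds since midnight, so a capture that crosses midnight would need date handling added.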

fsebera Wed, 06/30/2010 - 11:24

Thank you!!!!,

I thought we had a bug or something, or my version of Wireshark was incorrectly diagnosing the data packets.

Excellent!
