Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ASA 5585 interfaces show unresponsive

Unanswered Question
Jul 12th, 2012
User Badges:

Hello experts,

I'm monitoring 2 ASA 5585-x firewalls (in HA mode) using Cisco Prime LMS 4.2.1. The LMS server is connected to the firewalls on the inside interface.

My issue is that I keep on receiving Alert messages on Fault Monitor for both ASA firewalls listing all interfaces (except inside interface) as unresponsive.

My thought is that since the LMS server is not able to ping other active interfaces, it generates these alert messages.

My query is whether I'm thinking right? If yes, how can I prevent these unwanted messages from showing in Fault Monitor?

If I'm wrong, please help me understand.

Everything else is working fine without any problems.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jedavis Thu, 07/12/2012 - 06:05
User Badges:

Hi Jayesh,

Yes, it is true that the ASA will not return ICMP echo replies from a "far" interface, and as far as I have been able to determine there is no way to change this behavior.

To prevent DFM from sending the alerts, unmanage the IP address on the device.  Go to Monitor => Fault Settings => Setup => Fault Device Details.  Select your firewall, click View, then click on the device name on the resulting page.  Click on IP under Interface Status in the left pane, then unmanage the unreachable IP addresses.

I'm not sure why this is not the default behavior for ASA devices.  Perhaps it is because of the difficulty in determining what interface the NMS can be reached from.



This Discussion

Related Content