×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ASA: Failover Using Sub Interface = (Not Monitored)?

Answered Question
Jun 13th, 2006
User Badges:

Hello,


I just set up 2 ASA 5520s in an Active/Passive configuration.... I had to use sub-interfaces for my 2 pipes comming into the office for the outside interface. When I do a "Show Failover" command it says (Not Monitored) take a look at the read out. Does anyone know why they arent monitored, and is there a way I can make it so they are?



This host: Primary - Active

Active time: 1627869 (sec)

slot 0: ASA5520 hw/sw rev (1.1/7.0(4)) status (Up Sys)

slot 1: empty

Interface DMZ (10.10.x.x): Normal

Interface Private (192.168.x.x): Normal

Interface Outside1 (66.38.x.x): Normal (Not-Monitored)

Interface Outside2 (64.187.x.x): Normal (Not-Monitored)

Other host: Secondary - Standby Ready

Active time: 233226 (sec)

slot 0: ASA5520 hw/sw rev (1.1/7.0(4)) status (Up Sys)

slot 1: empty

Interface DMZ (10.10.x.x): Normal

Interface Private (192.168.x.x): Normal

Interface Outside1 (66.38.x.x): Normal (Not-Monitored)

Interface Outside2 (64.187.x.x): Normal (Not-Monitored)


Outside1 and Outside2 are sub-interfaces (g0/0.1 and g0/0.2)


Thanks,

Chris

Correct Answer by gfullage about 11 years 2 months ago

The "not-monitored" simply means you haven't set these up as failover monitored interfaces, see the monitor-interface command here:


http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_1/cmd_ref/m_711.htm#wp1636148


Note that "Monitoring of physical interfaces is enabled by default; monitoring of logical interfaces is disabled by default.", which is why your DMZ and private int's are being monitored, but your sub-int's are not.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
gfullage Wed, 06/14/2006 - 00:41
User Badges:
  • Cisco Employee,

The "not-monitored" simply means you haven't set these up as failover monitored interfaces, see the monitor-interface command here:


http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_1/cmd_ref/m_711.htm#wp1636148


Note that "Monitoring of physical interfaces is enabled by default; monitoring of logical interfaces is disabled by default.", which is why your DMZ and private int's are being monitored, but your sub-int's are not.

Actions

This Discussion