Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12345
Views
5
Helpful
2
Replies

ASA5520 keepalive as ip protocol 105 (SCSP)

Go to solution
fsebera
Level 4
Level 4

‎06-30-2010 10:44 AM - edited ‎03-11-2019 11:05 AM

We have 2 ASA5520 firewalls setup as Active/Failover running in single router mode.

IOS is version 8.0(4)

Doing a capture we continue to see one firewall talking to the other (as expected) but the communiction is via IP Protocol 105 (which appears to be SCPS - link and details below).

Here is the output as seen on the firewall cli

    1: 13:27:51.355923 802.1Q vlan#10 P0 10.4.1.1 > 10.4.1.2:  ip-proto-105, length 44
   2: 13:27:52.311232 802.1Q vlan#10 P0 10.4.1.2 > 10.4.1.1:  ip-proto-105, length 44
   3: 13:27:56.356350 802.1Q vlan#10 P0 10.4.1.1 > 10.4.1.2:  ip-proto-105, length 44
   4: 13:27:57.311278 802.1Q vlan#10 P0 10.4.1.2 > 10.4.1.1:  ip-proto-105, length 44

Are we reading this incorrectly?

Is this a bug that has been reported and fixed in a more recient version?

Here is the google search result and explanation:

http://www.scps.org/

SCPS is a protocol suite designed allow  communication over challenging environments. Originally developed  jointly by NASA and DoD’s USSPACECOM to meet their various needs and  requirements. These protocols have been found to be applicable in  meeting the needs of the satellite and wireless communities.

THANK YOU

Frank

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎06-30-2010 11:11 AM

Is this a failover pair?

http://my.safaribooksonline.com/9781587054570/480

The active and standby firewalls determine a failure by sending hello messages to each other at
regular intervals (every 15 seconds by default). These messages are sent over the failover cable
(if present) or the LAN-based failover interface to detect failures of an entire firewall. The hellos are
also sent on all interfaces configured for failover so that the firewall peer can determine the health of
each interface. These messages are sent as short packets using IP protocol 105.

-KS

View solution in original post

2 Replies 2

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎06-30-2010 11:11 AM

Is this a failover pair?

http://my.safaribooksonline.com/9781587054570/480

The active and standby firewalls determine a failure by sending hello messages to each other at
regular intervals (every 15 seconds by default). These messages are sent over the failover cable
(if present) or the LAN-based failover interface to detect failures of an entire firewall. The hellos are
also sent on all interfaces configured for failover so that the firewall peer can determine the health of
each interface. These messages are sent as short packets using IP protocol 105.

-KS

Go to solution
fsebera
Level 4
Level 4
In response to Kureli Sankar

‎06-30-2010 11:24 AM

Thank you!!!!,

I thought we had a bug or something or my version of wireshark was incorrectly diagnosing the data packets.

Excellent!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card