06-30-2010 10:44 AM - edited 03-11-2019 11:05 AM
We have 2 ASA5520 firewalls set up as Active/Failover running in single router mode.
IOS is version 8.0(4)
Doing a capture we continue to see one firewall talking to the other (as expected) but the communication is via IP Protocol 105 (which appears to be SCPS - link and details below).
Here is the output as seen on the firewall cli
1: 13:27:51.355923 802.1Q vlan#10 P0 10.4.1.1 > 10.4.1.2: ip-proto-105, length 44
2: 13:27:52.311232 802.1Q vlan#10 P0 10.4.1.2 > 10.4.1.1: ip-proto-105, length 44
3: 13:27:56.356350 802.1Q vlan#10 P0 10.4.1.1 > 10.4.1.2: ip-proto-105, length 44
4: 13:27:57.311278 802.1Q vlan#10 P0 10.4.1.2 > 10.4.1.1: ip-proto-105, length 44
Are we reading this incorrectly?
Is this a bug that has been reported and fixed in a more recent version?
Here is the google search result and explanation:
SCPS is a protocol suite designed to allow communication over challenging environments. Originally developed jointly by NASA and DoD’s USSPACECOM to meet their various needs and requirements. These protocols have been found to be applicable in meeting the needs of the satellite and wireless communities.
THANK YOU
Frank
06-30-2010 11:11 AM
Is this a failover pair?
http://my.safaribooksonline.com/9781587054570/480
The active and standby firewalls determine a failure by sending hello messages to each other at
regular intervals (every 15 seconds by default). These messages are sent over the failover cable
(if present) or the LAN-based failover interface to detect failures of an entire firewall. The hellos are
also sent on all interfaces configured for failover so that the firewall peer can determine the health of
each interface. These messages are sent as short packets using IP protocol 105.
-KS
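An added example, not part of the original posts: a Python check that reads ASA capture text in the format shown in the question, measures the spacing of ip-proto-105 hellos per sender, and lists any protocol 105 packet that is not between the failover peers. The peer set and packet 5 of the sample are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# The four capture lines from the question, plus one constructed line (packet 5)
# from an address outside the pair, to show what the check reports.
CAPTURE = """\
1: 13:27:51.355923 802.1Q vlan#10 P0 10.4.1.1 > 10.4.1.2: ip-proto-105, length 44
2: 13:27:52.311232 802.1Q vlan#10 P0 10.4.1.2 > 10.4.1.1: ip-proto-105, length 44
3: 13:27:56.356350 802.1Q vlan#10 P0 10.4.1.1 > 10.4.1.2: ip-proto-105, length 44
4: 13:27:57.311278 802.1Q vlan#10 P0 10.4.1.2 > 10.4.1.1: ip-proto-105, length 44
5: 13:27:58.000000 802.1Q vlan#10 P0 10.4.1.99 > 10.4.1.2: ip-proto-105, length 44
"""

# Assumption: these two addresses are the failover pair's interface IPs.
FAILOVER_PEERS = {"10.4.1.1", "10.4.1.2"}

LINE_RE = re.compile(
    r"^\s*\d+:\s+(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+.*?"
    r"(?P<src>\d+(?:\.\d+){3})\s+>\s+(?P<dst>\d+(?:\.\d+){3}):\s+"
    r"ip-proto-(?P<proto>\d+),\s+length\s+\d+"
)

def parse(text):
    """Yield (time, src, dst, proto) for every ip-proto-N capture line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
            yield ts, m["src"], m["dst"], int(m["proto"])

def review(text, peers=FAILOVER_PEERS):
    """Return (hello intervals in seconds per sender, proto-105 flows outside the pair)."""
    last_seen, intervals, unexpected = {}, defaultdict(list), []
    for ts, src, dst, proto in parse(text):
        if proto != 105:
            continue
        if src not in peers or dst not in peers:
            unexpected.append((src, dst))  # proto 105 that is not peer-to-peer
            continue
        if src in last_seen:
            gap = (ts - last_seen[src]).total_seconds()
            intervals[src].append(round(gap, 3))
        last_seen[src] = ts
    return dict(intervals), unexpected

if __name__ == "__main__":
    print(review(CAPTURE))
```
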
06-30-2010 11:24 AM
Thank you!!!!,
I thought we had a bug or something or my version of Wireshark was incorrectly diagnosing the data packets.
Excellent!