my ASA5540 8.2.4(4) can not monitor and failover on certain interfaces
the story is
we configure the
monitor interface inside
monitor interface outside
monitor interface partner
and save configue
but when i show run monitor-interface
the configure do not show the 3 montitor interfaces, it only show other monitor interfaces,which can failover , but not the above 3 interfaces, however they are all showed interface monitor in the ASDM configure
here is the show version
Cisco Adaptive Security Appliance Software Version 8.2(4)4 Device Manager Version 6.4(5)
Compiled on Thu 03-Mar-11 17:18 by builders System image file is "disk0:/asa824-4-k8.bin" Config file at boot was "startup-config"
dcm-lidc-fw1 up 9 days 18 hours failover cluster up 16 days 20 hours
0: Ext: GigabitEthernet0/0 : address is 30e4.db7b.6f82, irq 9 1: Ext: GigabitEthernet0/1 : address is 30e4.db7b.6f83, irq 9 2: Ext: GigabitEthernet0/2 : address is 30e4.db7b.6f84, irq 9 3: Ext: GigabitEthernet0/3 : address is 30e4.db7b.6f85, irq 9 4: Ext: Management0/0 : address is 30e4.db7b.6f86, irq 11 5: Int: Internal-Data0/0 : address is 0000.0001.0002, irq 11 6: Int: Not used : irq 5 7: Ext: GigabitEthernet1/0 : address is 30e4.db02.1f96, irq 255 8: Ext: GigabitEthernet1/1 : address is 30e4.db02.1f97, irq 255 9: Ext: GigabitEthernet1/2 : address is 30e4.db02.1f98, irq 255 10: Ext: GigabitEthernet1/3 : address is 30e4.db02.1f99, irq 255 11: Int: Internal-Data1/0 : address is 0000.0003.0002, irq 255
Licensed features for this platform: Maximum Physical Interfaces : Unlimited Maximum VLANs : 200 Inside Hosts : Unlimited Failover : Active/Active VPN-DES : Enabled VPN-3DES-AES : Enabled Security Contexts : 2 GTP/GPRS : Disabled SSL VPN Peers : 2 Total VPN Peers : 5000 Shared License : Disabled AnyConnect for Mobile : Disabled AnyConnect for Cisco VPN Phone : Disabled AnyConnect Essentials : Enabled Advanced Endpoint Assessment : Disabled UC Phone Proxy Sessions : 2 Total UC Proxy Sessions : 2 Botnet Traffic Filter : Disabled
This platform has an ASA 5540 VPN Premium license.
==========here is the show monitor interface, it does not show outside/inside/partner====================
-fw1# sh run monitor-interface monitor-interface app monitor-interface dmz monitor-interface data monitor-interface dev-app monitor-interface dev-data no monitor-interface management -fw1#
-fw1(config)# sh run all | in monitor banner motd * This is a private and monitored system. * monitor-interface app monitor-interface dmz monitor-interface data monitor-interface dev-app monitor-interface dev-data no monitor-interface management
===============failover test =============
- unplug the outside interface cable on primary , led go off, but failover does not happen-
- upplug the cable on inside, or parner , it still do not failover
- only unplug the cable on other monitor interface , it failover.
=======clear config monitor-interface, and enter monitor-interface command for all the interface, re test, again, same result=======
my ASA5540 8.2.4(4) can not monitor and failover on certain inte
fw1# sh failover Failover On Failover unit Secondary Failover LAN Interface: failover GigabitEthernet1/3 (up) Unit Poll frequency 1 seconds, holdtime 15 seconds Interface Poll frequency 5 seconds, holdtime 25 seconds Interface Policy 1 Monitored Interfaces 8 of 210 maximum Version: Ours 8.2(4)4, Mate 8.2(4)4 Last Failover at: 15:44:00 EST Nov 24 2011 This host: Secondary - Standby Ready Active time: 767625 (sec) slot 0: ASA5540 hw/sw rev (2.0/8.2(4)4) status (Up Sys) Interface outside (188.8.131.52): Normal Interface inside (10.100.161.2): Normal Interface app (10.100.171.2): Normal Interface dmz (10.100.172.2): Normal Interface data (10.100.173.2): Normal Interface dev-app (10.100.174.2): Normal Interface dev-data (10.100.175.2): Normal Interface management (10.7.4.9): Failed (Not-Monitored) Interface partner (10.100.160.14): Normal slot 1: ASA-SSM-4GE hw/sw rev (1.0/1.0(0)10) status (Up) Other host: Primary - Active Active time: 77823 (sec) slot 0: ASA5540 hw/sw rev (2.0/8.2(4)4) status (Up Sys) Interface outside (184.108.40.206): Normal Interface inside (10.100.161.1): Normal Interface app (10.100.171.1): Normal Interface dmz (10.100.172.1): Normal Interface data (10.100.173.1): Normal Interface dev-app (10.100.174.1): Normal Interface dev-data (10.100.175.1): Normal Interface management (10.7.4.8): Normal (Not-Monitored) Interface partner (10.100.160.13): Normal slot 1: ASA-SSM-4GE hw/sw rev (1.0/1.0(0)10) status (Up)
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...