Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

my ASA5540 8.2.4(4) can not monitor and failover on certain interfaces

the story is

we configure the

monitor interface  inside

monitor interface  outside

monitor interface  partner

and save configue

but when i show run monitor-interface

the configure do not show the 3 montitor interfaces, it only show other monitor interfaces,which can failover , but not the above 3 interfaces,  however they are all showed  interface monitor in the ASDM configure

here is the show version

==================================

Cisco Adaptive Security Appliance Software Version 8.2(4)4
Device Manager Version 6.4(5)

Compiled on Thu 03-Mar-11 17:18 by builders
System image file is "disk0:/asa824-4-k8.bin"
Config file at boot was "startup-config"

dcm-lidc-fw1 up 9 days 18 hours
failover cluster up 16 days 20 hours

Hardware:   ASA5540, 2048 MB RAM, CPU Pentium 4 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05

0: Ext: GigabitEthernet0/0  : address is 30e4.db7b.6f82, irq 9
1: Ext: GigabitEthernet0/1  : address is 30e4.db7b.6f83, irq 9
2: Ext: GigabitEthernet0/2  : address is 30e4.db7b.6f84, irq 9
3: Ext: GigabitEthernet0/3  : address is 30e4.db7b.6f85, irq 9
4: Ext: Management0/0       : address is 30e4.db7b.6f86, irq 11
5: Int: Internal-Data0/0    : address is 0000.0001.0002, irq 11
6: Int: Not used            : irq 5
7: Ext: GigabitEthernet1/0  : address is 30e4.db02.1f96, irq 255
8: Ext: GigabitEthernet1/1  : address is 30e4.db02.1f97, irq 255
9: Ext: GigabitEthernet1/2  : address is 30e4.db02.1f98, irq 255
10: Ext: GigabitEthernet1/3  : address is 30e4.db02.1f99, irq 255
11: Int: Internal-Data1/0    : address is 0000.0003.0002, irq 255

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 200      
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled  
VPN-3DES-AES                   : Enabled  
Security Contexts              : 2        
GTP/GPRS                       : Disabled 
SSL VPN Peers                  : 2        
Total VPN Peers                : 5000     
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled 
AnyConnect for Cisco VPN Phone : Disabled 
AnyConnect Essentials          : Enabled  
Advanced Endpoint Assessment   : Disabled 
UC Phone Proxy Sessions        : 2        
Total UC Proxy Sessions        : 2        
Botnet Traffic Filter          : Disabled 

This platform has an ASA 5540 VPN Premium license.

==========here is the show monitor interface, it does not show outside/inside/partner====================

-fw1# sh run monitor-interface
monitor-interface app
monitor-interface dmz
monitor-interface data
monitor-interface dev-app
monitor-interface dev-data
no monitor-interface management
-fw1#


-fw1(config)# sh run all | in monitor
banner motd *  This is a private and monitored system.      *
monitor-interface app
monitor-interface dmz
monitor-interface data
monitor-interface dev-app
monitor-interface dev-data
no monitor-interface management

===============failover test =============

- unplug the outside interface cable on primary , led go off, but failover does not happen-

- upplug the cable on inside, or parner , it still do not failover

- only unplug the cable on other monitor interface , it failover. 

=======clear config monitor-interface, and enter monitor-interface command for all the interface, re test, again, same result=======

Everyone's tags (6)
3 REPLIES
Community Member

my ASA5540 8.2.4(4) can not monitor and failover on certain inte

more information

the outside, inside, and partner interface are all physical interfaces.

Community Member

my ASA5540 8.2.4(4) can not monitor and failover on certain inte

even after I enter 

failover monitor-interface outside

failover monitor-interface inside

failover monitor-interface partner

when i show run

the above 3 command is not show in the configure.

but also, there is no warnning mesage when I enter the command....

this is so weird.

in the ASDM, it again show all 3 interface are monitored.

but it just won't failover when monitor those 3 interface link-down.

Community Member

my ASA5540 8.2.4(4) can not monitor and failover on certain inte

fw1# sh failover
Failover On
Failover unit Secondary
Failover LAN Interface: failover GigabitEthernet1/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 8 of 210 maximum
Version: Ours 8.2(4)4, Mate 8.2(4)4
Last Failover at: 15:44:00 EST Nov 24 2011
        This host: Secondary - Standby Ready
                Active time: 767625 (sec)
                slot 0: ASA5540 hw/sw rev (2.0/8.2(4)4) status (Up Sys)
                  Interface outside (209.202.65.132): Normal
                  Interface inside (10.100.161.2): Normal
                  Interface app (10.100.171.2): Normal
                  Interface dmz (10.100.172.2): Normal
                  Interface data (10.100.173.2): Normal
                  Interface dev-app (10.100.174.2): Normal
                  Interface dev-data (10.100.175.2): Normal
                  Interface management (10.7.4.9): Failed (Not-Monitored)
                  Interface partner (10.100.160.14): Normal
                slot 1: ASA-SSM-4GE hw/sw rev (1.0/1.0(0)10) status (Up)
        Other host: Primary - Active
                Active time: 77823 (sec)
                slot 0: ASA5540 hw/sw rev (2.0/8.2(4)4) status (Up Sys)
                  Interface outside (209.202.65.131): Normal
                  Interface inside (10.100.161.1): Normal
                  Interface app (10.100.171.1): Normal
                  Interface dmz (10.100.172.1): Normal
                  Interface data (10.100.173.1): Normal
                  Interface dev-app (10.100.174.1): Normal
                  Interface dev-data (10.100.175.1): Normal
                  Interface management (10.7.4.8): Normal (Not-Monitored)
                  Interface partner (10.100.160.13): Normal
                slot 1: ASA-SSM-4GE hw/sw rev (1.0/1.0(0)10) status (Up)

Stateful Failover Logical Update Statistics
        Link : failover GigabitEthernet1/3 (up)
        Stateful Obj    xmit       xerr       rcv        rerr     
        General         1001073    0          443701     25       
        sys cmd         194284     0          194283     0        
        up time         0          0          0          0        
        RPC services    0          0          0          0        
        TCP conn        262196     0          45389      2        
        UDP conn        342196     0          47480      3        
        ARP tbl         202397     0          156529     20       
        Xlate_Timeout   0          0          0          0        
        IPv6 ND tbl     0          0          0          0        
        VPN IKE upd     0          0          10         0        

1467
Views
0
Helpful
3
Replies
CreatePlease to create content