Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1070
Views
0
Helpful
1
Replies

ASA 5585 interfaces show unresponsive

Jayesh Limaye
Level 1
Level 1

‎07-12-2012 01:37 AM

Hello experts,

I'm monitoring 2 ASA 5585-x firewalls (in HA mode) using Cisco Prime LMS 4.2.1. The LMS server is connected to the firewalls on the inside interface.

My issue is that I keep on receiving Alert messages on Fault Monitor for both ASA firewalls listing all interfaces (except inside interface) as unresponsive.

My thought is that since the LMS server is not able to ping other active interfaces, it generates these alert messages.

My query is whether I'm thinking right? If yes, how can I prevent these unwanted messages from showing in Fault Monitor?

If I'm wrong, please help me understand.

Everything else is working fine without any problems.

Thanks,

Jayesh

Labels:
Preview file
344 KB
0 Helpful
1 Reply 1

jedavis
Level 4
Level 4

‎07-12-2012 06:05 AM

Hi Jayesh,

Yes, it is true that the ASA will not return ICMP echo replies from a "far" interface, and as far as I have been able to determine there is no way to change this behavior.

To prevent DFM from sending the alerts, unmanage the IP address on the device.  Go to Monitor => Fault Settings => Setup => Fault Device Details.  Select your firewall, click View, then click on the device name on the resulting page.  Click on IP under Interface Status in the left pane, then unmanage the unreachable IP addresses.

I'm not sure why this is not the default behavior for ASA devices.  Perhaps it is because of the difficulty in determining what interface the NMS can be reached from.

-Jeff

0 Helpful
Customers Also Viewed These Support Documents