Re: Error Message: on 'outside' interface [ifIndex=2]

birengandhi · ‎06-13-2008

We get the following error message on the ASA5505 on 8.03/ASDM 603 from our Network monitoring device.

Adaptive Security Appliance 'outside' interface [ifIndex=2].

Please advise.

Thanks in anticipation.

Farrukh Haroon · ‎06-13-2008

You never mentioned any error?

What NMS are you using?

Perhaps its placed on the inside and it is trying to SNMP Poll/Ping the Outside interface as well (like most NMS). And this is not allowed by the elite security rules of the Cisco firewall :). By default you cannot ping any of the firewall's interface while traversing THROUGH the firewall (i.e. you have to be at the 'back' of the interface to ping it).

Regards

Farrukh

birengandhi · ‎06-13-2008

Hi Farrukh,

We are using "intermapper".

This is the NMS statemnt we have on the ASA:

snmp-server host inside 10.20.2.245 community xxx version 2c.

The error message is:

Probe Type: SNMP - Cisco Pix (port 161 SNMPv1)

Condition: Adaptive Security Appliance 'outside' interface [ifIndex=2]

Thanks.

Farrukh Haroon · ‎06-13-2008

The command you mentioned is correct, but its for sending traps. The error you see is for polls. I think the error most probably is the one I mentioned earlier:

"Perhaps its placed on the inside and it is trying to SNMP Poll/Ping the Outside interface as well (most NMS try to ping/poll all interfaces/IP discovered on a device). And this is not allowed by the elite security rules of the Cisco firewall :). By default you cannot ping any of the firewall's interface while traversing THROUGH the firewall (i.e. you have to be at the 'back' of the interface to ping it). " For example if you are on the inside interface, you cannot ping the firewall's outside interface, however you can ping machines BEYOND the firewall's interface on the outside.

Regards

Farrukh