I recently configured and installed ASA-5520s as a replacement for an EOL PIX-525 set. This new configuration utilizes sub-interfaces for partner connections. Traffic is passing through the interfaces, but I am curious as to why the sub-interfaces are not being monitored for failover, and the parent interface isn't listed as monitored either (see configlet below):
interface GigabitEthernet0/2
speed 1000
duplex full
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/2.1
vlan 101
nameif intf1
security-level 0
ip address a.a.a.1 255.255.255.0 standby a.a.a.2
!
interface GigabitEthernet0/2.2
vlan 102
nameif intf2
security-level 50
ip address b.b.b.1 255.255.255.248 standby b.b.b.2
!
interface GigabitEthernet0/2.3
vlan 103
nameif intf3
security-level 50
ip address c.c.c.1 255.255.255.248 standby c.c.c.2
...
firewall# sh fail
Failover On
Failover unit Primary
Failover LAN Interface: FAILOVER GigabitEthernet0/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 250 maximum
Version: Ours 8.0(4), Mate 8.0(4)
Last Failover at: 08:57:52 EST Dec 14 2008
This host: Primary - Active
Active time: 87450 (sec)
slot 0: ASA5520 hw/sw rev (2.0/8.0(4)) status (Up Sys)
Interface OUTSIDE (ip.address): Normal
Interface INSIDE (ip.address): Normal
Interface intf1 (a.a.a.1): Normal (Not-Monitored)
Interface intf2 (b.b.b.1): Normal (Not-Monitored)
Interface intf3 (c.c.c.1): Normal (Not-Monitored)
Interface MGMT (ip.address): Normal
-----------------------------------------
My assumption would be that it would monitor the parent interface (g0/2), but it's not listed in a 'show failover', most likely because there is no name applied to the interface. Does anyone know if the interface is monitored but not listed, or is it simply not monitored?
Thanks!
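
An added example, not part of the original post: a Python check that parses `show failover` text like the output quoted above, lists the named interfaces flagged `(Not-Monitored)`, and emits `monitor-interface <nameif>` lines (the ASA command that enables failover health monitoring for a named interface) for an administrator to review. The function name `audit_failover` and the sample text are constructed for illustration.

```python
import re

# Constructed sample: lines taken from the `show failover` output quoted in the post.
SAMPLE = """\
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 250 maximum
This host: Primary - Active
Interface OUTSIDE (ip.address): Normal
Interface INSIDE (ip.address): Normal
Interface intf1 (a.a.a.1): Normal (Not-Monitored)
Interface intf2 (b.b.b.1): Normal (Not-Monitored)
Interface intf3 (c.c.c.1): Normal (Not-Monitored)
Interface MGMT (ip.address): Normal
"""

# Matches "Interface <nameif> (<address>): <state> [(Not-Monitored)]"
IFACE_RE = re.compile(r"^\s*Interface\s+(\S+)\s+\(([^)]*)\):\s*(.*?)\s*$")
COUNT_RE = re.compile(r"^\s*Monitored Interfaces\s+(\d+)\s+of\s+\d+\s+maximum")
FLAG = "(Not-Monitored)"


def audit_failover(text):
    """Split this unit's interfaces into monitored / unmonitored (hypothetical helper)."""
    declared, monitored, unmonitored = None, [], []
    for line in text.splitlines():
        if line.lstrip().startswith("Other host:"):
            break  # the peer's section repeats the same names; audit the local unit only
        count = COUNT_RE.match(line)
        if count:
            declared = int(count.group(1))
            continue
        iface = IFACE_RE.match(line)
        if iface:
            name, _addr, status = iface.groups()
            (unmonitored if FLAG in status else monitored).append(name)
    return {
        "declared": declared,
        "monitored": monitored,
        "unmonitored": unmonitored,
        # Cross-check: the header count should equal the interfaces listed without the flag.
        "count_consistent": declared == len(monitored),
        # Candidate global-config lines to review before applying on the active unit.
        "candidate_config": [f"monitor-interface {n}" for n in unmonitored],
    }


if __name__ == "__main__":
    report = audit_failover(SAMPLE)
    print("unmonitored:", report["unmonitored"])
    print("\n".join(report["candidate_config"]))
```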