Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA 5520 - Failover monitoring of sub-interfaces

I recently configured and installed ASA-5520s as a replacement for EOL PIX-525 set. This new configuration utilizes sub-interfaces for partner connections. Traffic is passing through the interfaces, but I am curious as to why the sub-interfaces are not being monitored for failover, and the parent interface isn't listed as monitored as well. (see configlet below):

interface GigabitEthernet0/2

speed 1000

duplex full

no nameif

no security-level

no ip address


interface GigabitEthernet0/2.1

vlan 101

nameif intf1

security-level 0

ip address a.a.a.1 standby a.a.a.2


interface GigabitEthernet0/2.2

vlan 102

nameif intf2

security-level 50

ip address b.b.b.1 standby b.b.b.2


interface GigabitEthernet0/2.3

vlan 103

nameif intf3

security-level 50

ip address c.c.c.1 standby c.c.c.2


firewall# sh fail

Failover On

Failover unit Primary

Failover LAN Interface: FAILOVER GigabitEthernet0/3 (up)

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 3 of 250 maximum

Version: Ours 8.0(4), Mate 8.0(4)

Last Failover at: 08:57:52 EST Dec 14 2008

This host: Primary - Active

Active time: 87450 (sec)

slot 0: ASA5520 hw/sw rev (2.0/8.0(4)) status (Up Sys)

Interface OUTSIDE (ip.address): Normal

Interface INSIDE (ip.address): Normal

Interface intf1 (a.a.a.1): Normal (Not-Monitored)

Interface intf2 (b.b.b.1): Normal (Not-Monitored)

Interface intf3 (c.c.c.1): Normal (Not-Monitored)

Interface MGMT (ip.address): Normal


My assumption would be that it would monitor the parent interface (g0/2), but its not listed in a 'show failover', most likely because there is no name applied to the interface. Does anyone know if the interface is monitored, but not listed or is it simply not monitored?


New Member

Re: ASA 5520 - Failover monitoring of sub-interfaces


CreatePlease login to create content