I recently configured and installed ASA-5520s as a replacement for EOL PIX-525 set. This new configuration utilizes sub-interfaces for partner connections. Traffic is passing through the interfaces, but I am curious as to why the sub-interfaces are not being monitored for failover, and the parent interface isn't listed as monitored as well. (see configlet below):

interface GigabitEthernet0/2

speed 1000

duplex full

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/2.1

vlan 101

nameif intf1

security-level 0

ip address a.a.a.1 255.255.255.0 standby a.a.a.2

!

interface GigabitEthernet0/2.2

vlan 102

nameif intf2

security-level 50

ip address b.b.b.1 255.255.255.248 standby b.b.b.2

!

interface GigabitEthernet0/2.3

vlan 103

nameif intf3

security-level 50

ip address c.c.c.1 255.255.255.248 standby c.c.c.2

...

firewall# sh fail

Failover On

Failover unit Primary

Failover LAN Interface: FAILOVER GigabitEthernet0/3 (up)

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 3 of 250 maximum

Version: Ours 8.0(4), Mate 8.0(4)

Last Failover at: 08:57:52 EST Dec 14 2008

This host: Primary - Active

Active time: 87450 (sec)

slot 0: ASA5520 hw/sw rev (2.0/8.0(4)) status (Up Sys)

Interface OUTSIDE (ip.address): Normal

Interface INSIDE (ip.address): Normal

Interface intf1 (a.a.a.1): Normal (Not-Monitored)

Interface intf2 (b.b.b.1): Normal (Not-Monitored)

Interface intf3 (c.c.c.1): Normal (Not-Monitored)

Interface MGMT (ip.address): Normal

-----------------------------------------

My assumption would be that it would monitor the parent interface (g0/2), but its not listed in a 'show failover', most likely because there is no name applied to the interface. Does anyone know if the interface is monitored, but not listed or is it simply not monitored?

Thanks!