Internal Control and Internal Data interfaces appeared in Cisco ASA 5516-x. Why are they there?
Hello Community Members,
I've just recently run across my config and noticed I have Internal Control and Internal Data interfaces in my Cisco ASA 5516-x.
Internal-Control1/1    127.0.1.1      YES unset  up    up
Internal-Data1/1       unassigned     YES unset  down  down
Internal-Data1/2       unassigned     YES unset  up    up
Internal-Data1/3       unassigned     YES unset  up    up
Internal-Data1/4       169.254.1.1    YES unset  up    up
I didn't set them up for a purpose; moreover, they are not visible in ASDM or in the CLI "show interface" and "show run interface" commands. I just noticed them by running the "show interface ip brief" command in the CLI. What are they for? Why did they appear?
I have set up two SLA monitors for checking ISP connectivity; however, I've attached these SLAs to the outside interfaces. I should note that the device is not connected on any of its ports except the inside LAN, through which I'm connecting over SSH to make configuration changes, and it is used only as a testing device.
It also sends me some logs with errors like:
Mar 20 2019
Failed to locate egress interface for UDP from LAN1-HO-ge1:169.254.185.218/137 to 169.254.255.255/137
Re: Internal Control and Internal Data interfaces appeared in Cisco ASA 5516-x. Why are they there?
Internal-Data and control interfaces are configured by the system and do not require any attention. You can ignore them.
'Failed to locate egress interface for UDP from LAN1-HO-ge1:169.254.185.218/137 to 169.254.255.255/137' means that the firewall receives NetBIOS traffic, probably sent by a Windows machine on the LAN1-HO-ge1 interface that failed to get an IP address from DHCP and used APIPA. You can investigate why the machine does not get an IP address.
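To find which hosts are behind these messages, the following added example (not code from the thread or from Cisco) scans log lines for the message text quoted above and reports sources in the APIPA range 169.254.0.0/16, grouped by ingress interface. The function name, the timestamps and every sample line other than the message quoted in the question are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the message text quoted in the thread; anything before it on the line is ignored.
EGRESS_RE = re.compile(
    r"Failed to locate egress interface for (?P<proto>\S+) from "
    r"(?P<ifc>[^:\s]+):(?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<dst>[\d.]+)/(?P<dport>\d+)"
)
APIPA = ipaddress.ip_network("169.254.0.0/16")  # IPv4 link-local range used by APIPA


def apipa_hosts(lines):
    """Return {(interface, source_ip): sorted destination ports} for APIPA sources."""
    found = defaultdict(set)
    for line in lines:
        m = EGRESS_RE.search(line)
        if not m:
            continue  # not the message we are looking for
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed address in the log line
        if src in APIPA:
            found[(m["ifc"], str(src))].add(int(m["dport"]))
    return {key: sorted(ports) for key, ports in found.items()}


# Constructed sample input: the first message is the one quoted in the question
# (with a made-up time of day); the remaining lines are invented for the example.
SAMPLE = [
    "Mar 20 2019 10:15:02: Failed to locate egress interface for UDP from "
    "LAN1-HO-ge1:169.254.185.218/137 to 169.254.255.255/137",
    "Mar 20 2019 10:15:04: Failed to locate egress interface for UDP from "
    "LAN1-HO-ge1:169.254.185.218/138 to 169.254.255.255/138",
    "Mar 20 2019 10:15:09: Failed to locate egress interface for UDP from "
    "LAN1-HO-ge1:192.0.2.10/5353 to 192.0.2.255/5353",
    "Mar 20 2019 10:15:11: unrelated constructed log line",
]

if __name__ == "__main__":
    for (ifc, ip), ports in apipa_hosts(SAMPLE).items():
        print(f"{ifc}: {ip} has no DHCP lease (APIPA), destination ports {ports}")
```

Each reported address belongs to a host on that interface that self-assigned its address, so the next step is checking DHCP reachability for that segment.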