cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


568
Views
0
Helpful
1
Replies
Beginner

Internal Control and Internal Data interfaces appeared in Cisco ASA 5516-x. Why are they there?

Hello Community Members, 

 

I've just recently run accross my config and noticed I have an Internal Control and Internal Data interfaces in my Cisco ASA 5516-x. 

 

Internal-Control1/1 127.0.1.1 YES unset up up
Internal-Data1/1 unassigned YES unset down down
Internal-Data1/2 unassigned YES unset up up
Internal-Data1/3 unassigned YES unset up up
Internal-Data1/4 169.254.1.1 YES unset up up

 

I didn't setup them for a purpose, moreover they are not visible in ASDM or in CLI "show interface", "show run interface" commands. I just noticed them via running "show interface ip brief" command in CLI. What are they for? Why they appeared? 

 

I have setup two SLA monitors for checking ISP connectivity, however I've attached this SLAs to outside interfaces. Need to note that device is not connected to any of ports exept the inside LAN through which I've connecting over ssh to make configuration and used only as a testing device. 

 

It is also sends me some logs with errors like: 

SeverityDateTimeSyslogIDSource IPSource portDestination IpDestination PortDescription
6Mar 20 201911:42:14110002169.254.185.218137  Failed to locate egress interface for UDP from LAN1-HO-ge1:169.254.185.218/137 to 169.254.255.255/137

 

Hope to hear from you, 

Regards Olim

1 REPLY 1
Cisco Employee

Re: Internal Control and Internal Data interfaces appeared in Cisco ASA 5516-x. Why are they there?

Internal-Data and control interfaces are configured by the system and do not require any attention. You can ignore them.

 

'Failed to locate egress interface for UDP from LAN1-HO-ge1:169.254.185.218/137 to 169.254.255.255/137' means that firewall receives NETBIOS traffic sent probably by a Windows machine on LAN1-HO-ge1 interface that failed to get IP address from DHCP and used APIPA. You can investigate why the machine does not get IP address.