Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
622
Views
0
Helpful
1
Replies

ASA Failover Firewall NMS Configuration Gathering and Monitoring

robert.horrigan
Level 2
Level 2

‎04-19-2011 06:49 AM - edited ‎03-11-2019 01:23 PM

Howdy ASA geniuses,

I'm trying to find a good config that will allow my NMS to monitor the secondary firewall as well as gather the configuration.  I have the below config, but obviously the NMS cannot be contacted.  LAN/State failover are directly connected and not routable.  Will adding the standby address to the inside interface i.e. ip address x.x.x.4 255.255.255.128 standby x.x.x.5 allow the NMS to monitor and pull configs from the secondary ASA?  I appreciate any assistance.  Any other advice would be much appreciated.

interface GigabitEthernet0/1
nameif inside
security-level 100
ip address x.x.x.4 255.255.255.128
!
interface GigabitEthernet0/2
description LAN Failover Interface
!
interface GigabitEthernet0/3
description STATE Failover Interface


failover
failover lan unit primary
failover lan interface FO-LAN GigabitEthernet0/2
failover replication http
failover link FO-STATE GigabitEthernet0/3
failover interface ip FO-LAN x.x.x.1 255.255.255.252 standby x.x.x.2
failover interface ip FO-STATE x.x.x.1 255.255.255.252 standby x.x.x.2

Labels:
0 Helpful
1 Reply 1

mvsheik123
Level 7
Level 7

‎04-19-2011 06:59 AM

Hi,

Unless you already have it, try adding static route on ASAs for the NMS (reachability from both ASAs & also make sure any existing reditribution of protocols on ASA does not cause any outage from NMS point). Also, in the NMS use standby address as of the ASA as the source for the stats gathering.

hth

MS

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card