Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8734
Views
5
Helpful
1
Replies

ASA: Failover Using Sub Interface = (Not Monitored)?

Go to solution
chrisbicm
Level 1
Level 1

‎06-13-2006 06:54 AM - edited ‎02-21-2020 12:57 AM

Hello,

I just set up 2 ASA 5520s in an Active/Passive configuration.... I had to use sub-interfaces for my 2 pipes comming into the office for the outside interface. When I do a "Show Failover" command it says (Not Monitored) take a look at the read out. Does anyone know why they arent monitored, and is there a way I can make it so they are?

This host: Primary - Active

Active time: 1627869 (sec)

slot 0: ASA5520 hw/sw rev (1.1/7.0(4)) status (Up Sys)

slot 1: empty

Interface DMZ (10.10.x.x): Normal

Interface Private (192.168.x.x): Normal

Interface Outside1 (66.38.x.x): Normal (Not-Monitored)

Interface Outside2 (64.187.x.x): Normal (Not-Monitored)

Other host: Secondary - Standby Ready

Active time: 233226 (sec)

slot 0: ASA5520 hw/sw rev (1.1/7.0(4)) status (Up Sys)

slot 1: empty

Interface DMZ (10.10.x.x): Normal

Interface Private (192.168.x.x): Normal

Interface Outside1 (66.38.x.x): Normal (Not-Monitored)

Interface Outside2 (64.187.x.x): Normal (Not-Monitored)

Outside1 and Outside2 are sub-interfaces (g0/0.1 and g0/0.2)

Thanks,

Chris

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎06-14-2006 12:41 AM

The "not-monitored" simply means you haven't set these up as failover monitored interfaces, see the monitor-interface command here:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_1/cmd_ref/m_711.htm#wp1636148

Note that "Monitoring of physical interfaces is enabled by default; monitoring of logical interfaces is disabled by default.", which is why your DMZ and private int's are being monitored, but your sub-int's are not.

View solution in original post

1 Reply 1

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎06-14-2006 12:41 AM

The "not-monitored" simply means you haven't set these up as failover monitored interfaces, see the monitor-interface command here:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_1/cmd_ref/m_711.htm#wp1636148

Note that "Monitoring of physical interfaces is enabled by default; monitoring of logical interfaces is disabled by default.", which is why your DMZ and private int's are being monitored, but your sub-int's are not.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card