ā11-25-2011 12:16 PM - edited ā03-11-2019 02:55 PM
the story is
we configure the
monitor interface inside
monitor interface outside
monitor interface partner
and save configue
but when i show run monitor-interface
the configure do not show the 3 montitor interfaces, it only show other monitor interfaces,which can failover , but not the above 3 interfaces, however they are all showed interface monitor in the ASDM configure
here is the show version
==================================
Cisco Adaptive Security Appliance Software Version 8.2(4)4
Device Manager Version 6.4(5)
Compiled on Thu 03-Mar-11 17:18 by builders
System image file is "disk0:/asa824-4-k8.bin"
Config file at boot was "startup-config"
dcm-lidc-fw1 up 9 days 18 hours
failover cluster up 16 days 20 hours
Hardware: ASA5540, 2048 MB RAM, CPU Pentium 4 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05
0: Ext: GigabitEthernet0/0 : address is 30e4.db7b.6f82, irq 9
1: Ext: GigabitEthernet0/1 : address is 30e4.db7b.6f83, irq 9
2: Ext: GigabitEthernet0/2 : address is 30e4.db7b.6f84, irq 9
3: Ext: GigabitEthernet0/3 : address is 30e4.db7b.6f85, irq 9
4: Ext: Management0/0 : address is 30e4.db7b.6f86, irq 11
5: Int: Internal-Data0/0 : address is 0000.0001.0002, irq 11
6: Int: Not used : irq 5
7: Ext: GigabitEthernet1/0 : address is 30e4.db02.1f96, irq 255
8: Ext: GigabitEthernet1/1 : address is 30e4.db02.1f97, irq 255
9: Ext: GigabitEthernet1/2 : address is 30e4.db02.1f98, irq 255
10: Ext: GigabitEthernet1/3 : address is 30e4.db02.1f99, irq 255
11: Int: Internal-Data1/0 : address is 0000.0003.0002, irq 255
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 200
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 5000
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Enabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
This platform has an ASA 5540 VPN Premium license.
==========here is the show monitor interface, it does not show outside/inside/partner====================
-fw1# sh run monitor-interface
monitor-interface app
monitor-interface dmz
monitor-interface data
monitor-interface dev-app
monitor-interface dev-data
no monitor-interface management
-fw1#
-fw1(config)# sh run all | in monitor
banner motd * This is a private and monitored system. *
monitor-interface app
monitor-interface dmz
monitor-interface data
monitor-interface dev-app
monitor-interface dev-data
no monitor-interface management
===============failover test =============
- unplug the outside interface cable on primary , led go off, but failover does not happen-
- upplug the cable on inside, or parner , it still do not failover
- only unplug the cable on other monitor interface , it failover.
=======clear config monitor-interface, and enter monitor-interface command for all the interface, re test, again, same result=======
ā11-25-2011 12:19 PM
more information
the outside, inside, and partner interface are all physical interfaces.
ā11-25-2011 12:22 PM
even after I enter
failover monitor-interface outside
failover monitor-interface inside
failover monitor-interface partner
when i show run
the above 3 command is not show in the configure.
but also, there is no warnning mesage when I enter the command....
this is so weird.
in the ASDM, it again show all 3 interface are monitored.
but it just won't failover when monitor those 3 interface link-down.
ā11-25-2011 12:25 PM
fw1# sh failover
Failover On
Failover unit Secondary
Failover LAN Interface: failover GigabitEthernet1/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 8 of 210 maximum
Version: Ours 8.2(4)4, Mate 8.2(4)4
Last Failover at: 15:44:00 EST Nov 24 2011
This host: Secondary - Standby Ready
Active time: 767625 (sec)
slot 0: ASA5540 hw/sw rev (2.0/8.2(4)4) status (Up Sys)
Interface outside (209.202.65.132): Normal
Interface inside (10.100.161.2): Normal
Interface app (10.100.171.2): Normal
Interface dmz (10.100.172.2): Normal
Interface data (10.100.173.2): Normal
Interface dev-app (10.100.174.2): Normal
Interface dev-data (10.100.175.2): Normal
Interface management (10.7.4.9): Failed (Not-Monitored)
Interface partner (10.100.160.14): Normal
slot 1: ASA-SSM-4GE hw/sw rev (1.0/1.0(0)10) status (Up)
Other host: Primary - Active
Active time: 77823 (sec)
slot 0: ASA5540 hw/sw rev (2.0/8.2(4)4) status (Up Sys)
Interface outside (209.202.65.131): Normal
Interface inside (10.100.161.1): Normal
Interface app (10.100.171.1): Normal
Interface dmz (10.100.172.1): Normal
Interface data (10.100.173.1): Normal
Interface dev-app (10.100.174.1): Normal
Interface dev-data (10.100.175.1): Normal
Interface management (10.7.4.8): Normal (Not-Monitored)
Interface partner (10.100.160.13): Normal
slot 1: ASA-SSM-4GE hw/sw rev (1.0/1.0(0)10) status (Up)
Stateful Failover Logical Update Statistics
Link : failover GigabitEthernet1/3 (up)
Stateful Obj xmit xerr rcv rerr
General 1001073 0 443701 25
sys cmd 194284 0 194283 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 262196 0 45389 2
UDP conn 342196 0 47480 3
ARP tbl 202397 0 156529 20
Xlate_Timeout 0 0 0 0
IPv6 ND tbl 0 0 0 0
VPN IKE upd 0 0 10 0
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide