cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1235
Views
5
Helpful
8
Replies

Questions regarding events

siuga
Level 1
Level 1

Hello, I have some questions regarding a couple events. The events in question are 776017 and 776018.

When the message is Binding (ip) from peer (ip), would the binding ip be the destination ip and the peer ip would be the source ip?

8 Replies 8

Hi,

Did you attach anything? Where this events come from ? Can you provide more information ?

 

 

 

 

 

 

-If I helped you somehow, please, rate it as useful.-

The events are coming form a customer in a syslog.

This are the events in question:

<167>:%ASA-cts-7-776017: CTS SXP: Binding 172.25.20.190->1141:ychu from peer 172.16.10.43 (instance 2) deleted in SXP database.

<167>:%ASA-cts-7-776018: CTS SXP: Binding 172.25.5.202->1384:SmartDevice from peer 172.19.10.12 (instance 3) added in SXP database.

 

My question are:

Binding <IP> is it source or is it destination?

->1141 is it a port?

from peer 172.16.10.43 is it source or destination?

Hi,

 

This is about Cisco TrustSec. ASA uses Security Exchange Protocol. 

The SXP connections are point-to-point and use TCP as the underlying transport protocol.  Additionally, an SXP connection is uniquely identified by the source and destination IP addresses.

 

CTS SXP: Binding 172.25.20.190->1141 

This is the source:

"The source_ip_address argument is the local IPv4 or IPv6 address of the SXP connection. The source IP address must be the same as the ASA outbound interface or the connection fails."

 

from peer 172.16.10.43 (instance 2) deleted in SXP database.

The peer_ip_address argument is the IPv4 or IPv6 address of the SXP peer. The peer IP address must be reachable from the ASA outgoing interface.

 

You can use the command: show cts sxp connections

 

 

-If I helped you somehow, please, rate it as useful.-

Want to make sure, is 1141 the port or is just a number that is automatically assigned?

It is a port randomly assigned.

 

 

 

 

 

-If I helped you somehow, please, rate it as useful.-

also regarding the 2nd event, that IP is still source IP or would it be destination IP

Would you please answer the question?

Thank you

Hi @siuga

 

 Sorry about that, didn't see your comment. Well, I suppose this is also the source but I recommend you to check that as I don't have all the information about those devices. I'm relying on the understanding of the protocol but depends on the flow, the source and destination may change.

 Let me know if that help.

 

-If I helped you somehow, please, rate it as useful.-

Review Cisco Networking for a $25 gift card