SLA Monitor on CISCO ASA

alexandro.angel@softtek.com · ‎12-20-2019

Hello team,

What if we want to monitor a destination which is reachable through a Site to Site VPN? I have configured it by using the inside interface to source it, but unfortunately this is not working. Below my config:

sla monitor 20
type echo protocol ipIcmpEcho 192.168.72.254 interface inside
frequency 5
sla monitor schedule 20 life forever start-time now

Unfortuntately, I'm getting timeouts as if traffic is not making it:

Entry number: 20
Modification time: 11:07:03.109 EST Thu Dec 19 2019
Number of Octets Used by this Entry: 2056
Number of operations attempted: 8031
Number of operations skipped: 8029
Current seconds left in Life: Forever
Operational state of entry: Active
Last time this entry was reset: Never
Connection loss occurred: FALSE
Timeout occurred: TRUE
Over thresholds occurred: FALSE
Latest RTT (milliseconds): NoConnection/Busy/Timeout
Latest operation start time: 09:25:08.110 EST Fri Dec 20 2019
Latest operation return code: Timeout
RTT Values:
RTTAvg: 0 RTTMin: 0 RTTMax: 0
NumOfRTT: 0 RTTSum: 0 RTTSum2: 0

However, if I manually source the ping it works fine:

ASA# ping inside 192.168.72.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.72.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/8/10 ms

Kind Regards,

Sheraz.Salim · ‎12-21-2019

This is not possible. unless you run a ping from the host inside network to remote destin network. here is a similar post in past asking the same question.

please do not forget to rate.