[c-nsp] IP SLA source pings on PIX/ASA ?

Eshan Bhide eshanbhide at gmail.com
Tue Apr 19 02:43:57 EDT 2011


To anybody reading this, this is an open bug/feature request with Cisco TAC.

On Thu, Apr 14, 2011 at 7:24 AM, Rama Darbha <rdarbha at gmail.com> wrote:

> Eshan,
>
> This is a tricky design, as you know we can't ping to or from the "far
> side" interface of the PIX/ASA.
>
> Here is a guide that talks about how to use Smart Call Home as a
> workaround for that issue:
> https://supportforums.cisco.com/docs/DOC-15571
>
> Does this offer the solution you want?
>
> Regards,
> Rama


On Wed, Apr 13, 2011 at 10:25 PM, Eshan <eshanvb at gmail.com> wrote:

> I tried asking this question elsewhere but wasn't able to get a
> satisfactory response, thought I should try here!
>
> We have site to site mesh ipsec tunnels that terminate on different PIXes.
> A requirement for clients using these tunnels is to monitor the downtime on
> a particular tunnel - using a trap sent to a remote syslog server, I am able
> to filter the SNMP trap, and send an email alert.
> However, is there any way to go one step further and keep a record (track)
> of when the tunnel goes down and keep this data? On routers we usually use
> IP SLAs with source IP specified and this seems to work very well.
>
> On PIX/ASA however when I do a 'source' internal ipIcmpEcho (as the tunnel
> far end is only accessible through a route within itself) - the track
> feature fails. Can there be no IP SLA by specifying a source to ping from
> on PIX/ASAs as is the case with routers?
>
> Thank you muchly:)
>
> Eshan.
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/