Cisco Bug: CSCvu57734 - Incorrect behaviour when SNMP polling is done on virtual IP of an ASA cluster with Multicontext

Last Modified

Aug 13, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.12(3.12)

Description (partial)

Symptom:
We have the below configuration:

ip local pool CLUSTER x.x.x.52-x.x.x.54

interface Ethernet1/1
 management-only individual
 nameif management
 security-level 0
 ip address x.x.x.51 255.255.255.0 cluster-pool CLUSTER

From the "show interface ip brief" command, we get the output below:

Interface                  IP-Address      OK?  Method   Status  Protocol
Ethernet1/1                x.x.x.52        YES  IP-POOL  up      up
                           x.x.x.51        YES  VIRTUAL  up      up

From the above output, we can see that the VIP is x.x.x.51 and the local IP is x.x.x.52.

Now, if an snmpwalk is performed on the ASA VIP address (x.x.x.51), the ASA responds back using the local IP address (x.x.x.52) as the source instead of using the same VIP address.

Conditions:
ASA Cluster deployment
ASA configured in Multiple context mode
SNMP poll is performed on the VIP instead of the IP the ASA picks up from the pool (Local IP address)
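
An added example (not part of Cisco's bug record) of a capture-side check for the symptom above. It pairs each SNMP request with its reply by the manager's IP and source port in `tcpdump -n` style text and reports replies whose source is not the address that was polled; the function name, addresses and sample lines are constructed stand-ins for the redacted x.x.x values.

```python
import re

# Matches the address part of a tcpdump -n line:
#   "<ts> IP <src>.<sport> > <dst>.<dport>: ..."
LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)
SNMP_PORT = 161


def find_mismatched_replies(lines):
    """Return (manager, polled_ip, reply_source) for each SNMP reply
    that did not come from the address the manager polled."""
    pending = {}   # (manager_ip, manager_port) -> agent IP that was polled
    findings = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        src, dst = m["src"], m["dst"]
        sport, dport = int(m["sport"]), int(m["dport"])
        if dport == SNMP_PORT:
            # Request: remember which agent address this socket polled.
            pending[(src, sport)] = dst
        elif sport == SNMP_PORT and (dst, dport) in pending:
            # Reply to a tracked request: compare its source with the polled IP.
            polled = pending.pop((dst, dport))
            if src != polled:
                findings.append((dst, polled, src))
    return findings


# Constructed sample: 192.0.2.51 plays the VIP, 192.0.2.52 the local (pool) IP,
# 198.51.100.10 the SNMP manager.
SAMPLE = [
    "12:00:01.000100 IP 198.51.100.10.40001 > 192.0.2.51.161:  GetNextRequest(25)  .1.3.6.1.2.1",
    "12:00:01.000900 IP 192.0.2.52.161 > 198.51.100.10.40001:  GetResponse(60)  .1.3.6.1.2.1.1.1.0",
    "12:00:02.000100 IP 198.51.100.10.40002 > 192.0.2.52.161:  GetNextRequest(25)  .1.3.6.1.2.1",
    "12:00:02.000800 IP 192.0.2.52.161 > 198.51.100.10.40002:  GetResponse(60)  .1.3.6.1.2.1.1.1.0",
]

if __name__ == "__main__":
    for manager, polled, replied in find_mismatched_replies(SAMPLE):
        print(f"{manager}: polled {polled}, reply came from {replied}")
```

A reply flagged this way is one that a manager matching responses on the polled address, or a stateful device on the path, may not associate with the original request.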