[spectrum] Cisco Firewall can not be reached by Spectrum Backup from an other Network.

Thu, 11 Feb 2010 01:27:16 -0800 

Hello all,

we are dealing with the following problem:

our Cisco Firewall Service Modules (FWSM) are monitored by Spectrum Primary and 
Backup Pollers. These two pollers are located at different sites.
Due to that
- the FWSM can only be addressed by their nearest interface to the requestor
- the Backup Poller uses the same IPS as the Primary Poller to address the FWSM
monitoring fails, if the monitoring is switched from Primary to Backup:

Example:
                                         __________________________________
Primary Poller -------------------+ IP: 10.0.0.1   FWSM   IP: 192.168.0.1 
+----------------------  Backup Poller
(local site)                             __________________________________     
                   (outside)

Monitoring works fine for Primary Poller, addressing the FWSM with IP 10.0.0.1, 
but monitoring the FWSM by the Backup with IP 10.0.0.1 fails, because the FWSM 
architecture does not allow this communication.
On the other hand, the Backup cannot be generated to use IP 192.168.0.1 instead 
of 10.0.0.1 to address the FWSM.

Is there any other solution known to you than using two different outside 
locations for Primary and Backup Poller?


FWSM1# sh ver

FWSM Firewall Version 3.2(7) <context>
Device Manager Version 5.2(4)F

Compiled on Wed 02-Jul-08 20:04 by fwsmbld

FWSM1 up 110 days 16 hours
failover cluster up 305 days 15 hours

Hardware:   WS-SVC-FWM-1

Licensed features for this user context:
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
GTP/GPRS                    : Disabled
BGP Stub                    : Disabled

Configuration last modified by enable_15 at 19:57:00.242 UTC Sat Feb 6 2010


respectively:

FWSM2# sh ver

FWSM Firewall Version 4.0(8) <context>
Device Manager Version 6.1(5)F

Compiled on Thu 22-Oct-09 15:47 by fwsmbld

FWSM2 up 39 days 12 hours
failover cluster up 39 days 12 hours

Hardware:   WS-SVC-FWM-1

Licensed features for this user context:
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
GTP/GPRS                    : Disabled
BGP Stub                    : Disabled
Service Acceleration        : Disabled

Configuration last modified by enable_15 at 20:57:26.409 UTC Sat Feb 6 2010


Thanks in advance.

Frank Wagner

---
To unsubscribe from spectrum, send email to [email protected] with the body: 
unsubscribe spectrum [email protected]

Reply via email to