Unable to monitor multiple ASA5505's

We are an MSP using SCOM 2012 R2 UR4 for server and network device monitoring. We deploy Cisco ASA5505's at all of our customers locations. Since we moved to SCOM 2012 R2 (fresh install) we've been unable to monitor most of these ASA's. The reason is that Cisco has shipped a massive batch of ASA that have the same MAC address on a virtual interface called Internal-Data0/1. Normally this wouldn't be a problem but it's also the lowest mac-address on the device, so SCOM uses this MAC address as the unique device-key. Adding another one of these ASA's into SCOM results in them replacing each other. So we can only have 1 of these ASA's in at a time. I have created a support case with Microsoft to no avail, they just pointed the finger at Cisco. I'm currently working with Cisco TAC to see if they can come up with a solution.

Has anyone else had this problem? How have you solved it? I noticed a bunch of config files on the management server under C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Server\NetworkMonitoring\. I was wondering if these are editable to block SCOM from looking for that interface name or MAC address.

Here's a copy of the interface that is causing the issues:

9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255

Thank you!

January 22nd, 2015 4:39pm

For monitoring ASA, you need to verify that you can connect to ASA using SNMP to can monitoring it.

Also i recommend to ask this question on Cisco community because this issue is related ASA

https://supportforums.cisco.com/document/7336/snmp-mibs-and-traps-asa-additional-information

Free Windows Admin Tool Kit Click here and download it now
January 25th, 2015 12:03am

We are using SNMP, as stated the problem is that their is an internal-data interface that is the same across multiple ASA's. SCOM uses the lowest mac address as the unique device key. This is what's causing the problem. I've already spoke with Cisco TAC as I stated, they have no solution. I would imagine there's a way to tell SCOM to simply ignore a mac-address or an interface with a specific label. 

Also, please do not mark that as the answer as it is not.

  • Edited by Senah Wednesday, February 04, 2015 2:02 PM
February 4th, 2015 5:01pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics