User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 50 Configuring Hostname, Resources, User Accounts, and SLAs
Monitoring Service Level Agreements (SLAs) To Maintain Connectivity
c. The monitoring options are appropriate for most connections, so you need only configure the
following:
   - Name—The name of the object.
   - SLA Monitor ID—An identifying number for the monitoring process. The number must be
     unique within a device configuration.
   - Monitored Address—The address that you are monitoring. When you select a monitoring target,
     make sure that it can respond to ICMP echo requests (pings). The target can be any network
     address that you choose, but consider the use of:
     - The ISP gateway address.
     - The next hop gateway address (if you are concerned about the availability of the ISP gateway).
     - A server on the target network, such as an AAA server, with which the security appliance needs
       to communicate.
     - A persistent network device on the destination network. (A desktop or notebook computer that
       gets shut down at night is not a good choice.)
   - Interface—The interface name, or interface role that identifies an interface, that will be the
     source of the ICMP messages. The device pings the monitored address from this interface’s IP
     address.
d. Click OK to save the object.
Step 2 Configure ASA/PIX policies to use the object to monitor routes. You can configure the following
policies to monitor SLAs:
   - Platform > Routing > Static Route—When you define a static route, you can select an SLA
     monitor object to do route tracking for the route. For more information, see Configuring Static
     Routes, page 54-48 and Add/Edit Static Route Dialog Box, page 54-49.
   - Interfaces—When you define an interface that uses DHCP or PPPoE, you can configure the DHCP
     or PPPoE learned default routes to be tracked. For more information, see Device Interface: IP Type
     (PIX/ASA 7.0+), page 45-36.
Configuring SLA Monitor Objects
Use the Add or Edit SLA (Service Level Agreement) Monitor dialog box to create, edit, and copy SLA
monitor objects. Each SLA monitor defines a connectivity policy to a monitored address and tracks the
availability of a route to the address. The route is periodically checked for availability by sending ICMP
echo requests and waiting for the response. If the requests time out, the route is removed from the routing
table and replaced with a backup route.
You can configure SLA monitors only for security appliances running PIX/ASA version 7.2 or higher.
SLA monitoring jobs start immediately after deployment and continue to run unless you remove the SLA
monitor from the device configuration (that is, they do not age out).
For more information about configuring and using SLA monitor objects, see Monitoring Service Level
Agreements (SLAs) To Maintain Connectivity, page 50-7.
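As an added illustration that is not part of the Cisco guide, the following ASA CLI shows the kind of device configuration that an SLA monitor object bound to a tracked static route corresponds to. The monitor ID 123, track ID 1, the interface names outside and backup, and the documentation-range addresses are assumptions chosen for the example.

```cisco
! Added example. All IDs, interface names and addresses are constructed.
!
! SLA monitor: send ICMP echo requests to the monitored address
! (here the ISP gateway) sourced from the "outside" interface.
sla monitor 123
 type echo protocol ipIcmpEcho 192.0.2.1 interface outside
!
! Start the monitoring job immediately and never age it out.
sla monitor schedule 123 life forever start-time now
!
! Tracking object that follows the reachability result of SLA monitor 123.
track 1 rtr 123 reachability
!
! Primary default route, installed only while track 1 reports the target reachable.
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1 track 1
!
! Backup default route with a higher metric; it takes over when the
! tracked route is removed from the routing table.
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254
```

Because the tracked route depends entirely on ICMP replies from the monitored address, a target that filters or rate-limits pings will cause the primary route to be withdrawn even though the link itself is healthy.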
Navigation Path
Select Manage > Policy Objects, then select SLA Monitors from the Object Type Selector. Right-click
inside the work area and select New Object or right-click a row and select Edit Object.