Yesterday we I installed the 500 User SSL VPN lic on our ASA-5540 pair (redundant Active/Standby).
Prior to doing so Failover was working fine. My last config session ended around 4:04pm on Friday 2/9/07
and is reflected by the TFTP config file I wrote out when I was done. Then Yesterday after completing the SSL Lic install
I attempted to do my normal config safe routine; wr mem, wr net, wr stand. My wr stand command
returned an error stating that failover must be enabled. This was concerning so I check in ASDM, CLI and performed a diff
on my config file from 2/9/07 and the one from 2/12/07. What I found was that yes failover was disabled. The only changes
showed by the diff on the config were the addition of the SSL as well as enabling SSL VPN on the outside interface.
I have sole admin control of this ASA, the logs show I was the last person to access it on 2/9/07 and then again when I registered
the SSL VPN lice on 2/12/07 and no other portions of the config other than failover and SSL VPN areas were changed.
This points pretty clearly to the SSL VPN changes somehow having caused my failover config to change.
Has anyone else seen this? Any ideas? Considering this is the clients primary firewall and sees activity 24/7 I am
not comfortable making more changes including failover (which appears to need setup from scratch again) until I can
identify the root of the problem. I am also opening a TAC case and will update this post if TAC figures this out before