ASA Active/Standby Failover Question

Unanswered Question
Jan 30th, 2008

hi,

I have a customer who has upgraded from pix520 to asa 5520 with csc modul in march 2007. now the customer has a second asa 5520 with csc modul.

today we are going on with the failover configuration and now we have a big problem... I tested the high availability wizard, and got the error message, hardware module compatibility test for platform failed !!!

I was wondering that there are two different hardware versions...

actual asa show module information says

Mod Card Type Model Serial No.

--- -------------------------------------------- ------------------ -----------

0 ASA 5520 Adaptive Security Appliance ASA5520-K8 JMX1050K2Q4

1 ASA 5500 Series Content Security Services Mo ASA-SSM-CSC-10 JAF10441526

Mod MAC Address Range Hw Version Fw Version Sw Version

--- --------------------------------- ------------ ------------ ---------------

0 0018.73d7.0446 to 0018.73d7.044a 1.1 1.0(11)2 7.2(2)

1 0019.0665.4a53 to 0019.0665.4a53 1.0 1.0(11)2 CSC SSM 6.2.1599.0

Mod SSM Application Name Status SSM Application Version

--- ------------------------------ ---------------- --------------------------

1 CSC SSM Up 6.2.1599.0

Mod Status Data Plane Status Compatibility

--- ------------------ --------------------- -------------

0 Up Sys Not Applicable

1 Up Up

new asa 5520 show modul

Mod Card Type Model Serial No.

--- -------------------------------------------- ------------------ -----------

0 ASA 5520 Adaptive Security Appliance ASA5520 JMX1152L1FA

1 ASA 5500 Series Content Security Services Mo ASA-SSM-CSC-10 JAF1150ALFD

Mod MAC Address Range Hw Version Fw Version Sw Version

--- --------------------------------- ------------ ------------ ---------------

0 001d.a29a.714a to 001d.a29a.714e 2.0 1.0(11)2 7.2(2)

1 001e.13f0.2056 to 001e.13f0.2056 1.0 1.0(11)2 CSC SSM 6.2.1599.0

Mod SSM Application Name Status SSM Application Version

--- ------------------------------ ---------------- --------------------------

1 CSC SSM Up 6.2.1599.0

Mod Status Data Plane Status Compatibility

--- ------------------ --------------------- -------------

0 Up Sys Not Applicable

1 Up Up

there are two different hw versions 1.1 and 2.0

Any ideas how I can get up the failover working properly??

thanks for help

rene

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
cisco__kaushik Wed, 01/30/2008 - 19:21

Hi,

A failover will only work if both the boxes has the same features, code and the hardware.Ideally hw version should not pose a problem.Pl check the licences by using show ver and check if the licenses/features are same

andrew.burns Tue, 07/01/2008 - 08:22

Hi,

The first box doesn't have the 3DES/AES license (as shown by the ASA5520-K8) whereas the second box does (says ASA5520 without K8 designation).

They need to match for failover to work, but you can get the license for free by registering the serial number here (normally get it within the hour):

http://www.cisco.com/go/license

The hw-version isn't important for failover.

HTH

Andrew.

sansari Mon, 09/22/2008 - 11:09

I am running into what may be another issue with licenses. My primary has active/active, and what is configured as backup has active/standby license. Would this cause and issue?

sansari Mon, 09/22/2008 - 11:10

I am running into what may be another issue with licenses. My primary has active/active, and what is configured as backup has active/standby license. Would this cause and issue?

Actions

This Discussion