ASA Active/Standby Failover Question

Unanswered Question
Jan 30th, 2008
User Badges:

hi,


I have a customer who has upgraded from pix520 to asa 5520 with csc modul in march 2007. now the customer has a second asa 5520 with csc modul.


today we are going on with the failover configuration and now we have a big problem... I tested the high availability wizard, and got the error message, hardware module compatibility test for platform failed !!!



I was wondering that there are two different hardware versions...


actual asa show module information says


Mod Card Type Model Serial No.

--- -------------------------------------------- ------------------ -----------

0 ASA 5520 Adaptive Security Appliance ASA5520-K8 JMX1050K2Q4

1 ASA 5500 Series Content Security Services Mo ASA-SSM-CSC-10 JAF10441526


Mod MAC Address Range Hw Version Fw Version Sw Version

--- --------------------------------- ------------ ------------ ---------------

0 0018.73d7.0446 to 0018.73d7.044a 1.1 1.0(11)2 7.2(2)

1 0019.0665.4a53 to 0019.0665.4a53 1.0 1.0(11)2 CSC SSM 6.2.1599.0


Mod SSM Application Name Status SSM Application Version

--- ------------------------------ ---------------- --------------------------

1 CSC SSM Up 6.2.1599.0


Mod Status Data Plane Status Compatibility

--- ------------------ --------------------- -------------

0 Up Sys Not Applicable

1 Up Up




new asa 5520 show modul


Mod Card Type Model Serial No.

--- -------------------------------------------- ------------------ -----------

0 ASA 5520 Adaptive Security Appliance ASA5520 JMX1152L1FA

1 ASA 5500 Series Content Security Services Mo ASA-SSM-CSC-10 JAF1150ALFD


Mod MAC Address Range Hw Version Fw Version Sw Version

--- --------------------------------- ------------ ------------ ---------------

0 001d.a29a.714a to 001d.a29a.714e 2.0 1.0(11)2 7.2(2)

1 001e.13f0.2056 to 001e.13f0.2056 1.0 1.0(11)2 CSC SSM 6.2.1599.0


Mod SSM Application Name Status SSM Application Version

--- ------------------------------ ---------------- --------------------------

1 CSC SSM Up 6.2.1599.0


Mod Status Data Plane Status Compatibility

--- ------------------ --------------------- -------------

0 Up Sys Not Applicable

1 Up Up



there are two different hw versions 1.1 and 2.0


Any ideas how I can get up the failover working properly??


thanks for help

rene

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
cisco__kaushik Wed, 01/30/2008 - 19:21
User Badges:

Hi,

A failover will only work if both the boxes has the same features, code and the hardware.Ideally hw version should not pose a problem.Pl check the licences by using show ver and check if the licenses/features are same

andrew.burns Tue, 07/01/2008 - 08:22
User Badges:
  • Gold, 750 points or more

Hi,


The first box doesn't have the 3DES/AES license (as shown by the ASA5520-K8) whereas the second box does (says ASA5520 without K8 designation).


They need to match for failover to work, but you can get the license for free by registering the serial number here (normally get it within the hour):


http://www.cisco.com/go/license


The hw-version isn't important for failover.


HTH

Andrew.


sansari Mon, 09/22/2008 - 11:09
User Badges:

I am running into what may be another issue with licenses. My primary has active/active, and what is configured as backup has active/standby license. Would this cause and issue?

sansari Mon, 09/22/2008 - 11:10
User Badges:

I am running into what may be another issue with licenses. My primary has active/active, and what is configured as backup has active/standby license. Would this cause and issue?

Actions

This Discussion