11-04-2008 11:32 PM
hi,
I have imported the SSL keys/Certs to standby ACE module and the FT group status is now showing HOT_STANDBY instead of COLD.
However, I don't see key and cert under ssl-proxy service definition as well as the reference to ssl-proxy server in the policy map configuration on the redundant module. Is this normal ?
Would the above definitions be seen after successful failover ?
Solved! Go to Solution.
11-05-2008 02:44 AM
the ssl-proxy config on the standby could not be applied because of missing files.
If for some reason, the standby became active, it would do a synch to the other device which would result in both ACE having the wrong config.
Gilles.
11-04-2008 11:51 PM
No. You should see the correct config before failover.
Make sure to run the latest version and if the problem persist open a service request with the TAC.
G.
11-05-2008 01:54 AM
It is resolved. For some reason, the SSL related configurations got wiped off from the active module and I had to redo it.
Would you know of any reason for this behaviour. Scary...
11-05-2008 02:44 AM
the ssl-proxy config on the standby could not be applied because of missing files.
If for some reason, the standby became active, it would do a synch to the other device which would result in both ACE having the wrong config.
Gilles.
11-14-2008 01:14 AM
Yup. That was the reason. The failover occurred before configuration was fully synchronized.
11-15-2008 09:55 AM
If you don't have the certs on both modules, they won't sync.
Also if you see that the ft group is in cold_standby,
You can do the following to get them to sync back up.
ft group 2
no inservice
inservice
This does not cause any issues. I have had to do it serveral time.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide