
SSL Certs on Standby ACE module

new_networker
Level 1

Hi,

I have imported the SSL keys/Certs to standby ACE module and the FT group status is now showing HOT_STANDBY instead of COLD.

However, I don't see key and cert under ssl-proxy service definition as well as the reference to ssl-proxy server in the policy map configuration on the redundant module. Is this normal?

Would the above definitions be seen after successful failover?

5 Replies

Gilles Dufour
Cisco Employee

No. You should see the correct config before failover.

Make sure to run the latest version, and if the problem persists, open a service request with the TAC.

G.

It is resolved. For some reason, the SSL related configurations got wiped off from the active module and I had to redo it.

Would you know of any reason for this behaviour? Scary...

The ssl-proxy config on the standby could not be applied because of missing files.

If for some reason, the standby became active, it would do a synch to the other device which would result in both ACE having the wrong config.

Gilles.

Yup. That was the reason. The failover occurred before configuration was fully synchronized.

If you don't have the certs on both modules, they won't sync.

Also, if you see that the ft group is in cold_standby, you can do the following to get them to sync back up.

ft group 2
  no inservice
  inservice

This does not cause any issues. I have had to do it several times.
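
An added example, not part of the thread and not Cisco tooling: a Python check that lists the key and cert files referenced by ssl-proxy service blocks in the active module's config and reports any that are absent from the standby, the missing-files condition the replies above describe. The config excerpt, service names and file names are constructed, and the standby's file list is assumed to have been collected separately.

```python
import re

# Constructed sample: ssl-proxy portion of an active ACE running-config.
ACTIVE_CONFIG = """\
ssl-proxy service SSL_WEB
  key web-key.pem
  cert web-cert.pem
ssl-proxy service SSL_API
  key api-key.pem
  cert api-cert.pem
policy-map multi-match CLIENT_VIPS
  class VIP_WEB
    ssl-proxy server SSL_WEB
"""

# Constructed sample: file names already imported on the standby module.
STANDBY_FILES = {"web-key.pem", "web-cert.pem", "api-key.pem"}

SERVICE_RE = re.compile(r"^ssl-proxy service (\S+)\s*$")
FILE_RE = re.compile(r"^\s+(key|cert) (\S+)\s*$")

def ssl_file_refs(config_text):
    """Return {service: {"key": name, "cert": name}} from ssl-proxy service blocks."""
    refs, current = {}, None
    for line in config_text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            current = m.group(1)
            refs[current] = {}
            continue
        if not line.startswith(" "):
            current = None  # any other top-level command ends the block
            continue
        m = FILE_RE.match(line)
        if current and m:
            refs[current][m.group(1)] = m.group(2)
    return refs

def missing_on_standby(config_text, standby_files):
    """List (service, kind, filename) references the standby cannot satisfy."""
    missing = []
    for service, files in ssl_file_refs(config_text).items():
        for kind, name in sorted(files.items()):
            if name not in standby_files:
                missing.append((service, kind, name))
    return missing

if __name__ == "__main__":
    for service, kind, name in missing_on_standby(ACTIVE_CONFIG, STANDBY_FILES):
        print(f"{service}: {kind} file {name} not on standby")
```

An empty result means every referenced key and cert file name is present on the standby; it does not confirm that the file contents match.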
