I am currently trying to set up a pair of FWSMs on 2 peered 6509s as a failover (active/standby) pair.
The 2 chassis have a ten gig link trunked between them with 3 VLANs on the trunk - outside (which routes to the MSFC on the 6509), state, and failover. I got the failover commands on the primary and enabled failover. I put the skeleton config on my failover unit and it saw the active unit and started the config download. Unfortunately, it failed on that 2 times with this message:
Config Sync Error: Following command could not be executed on
access-list Inside_acl commit-status committed line 25 extended permit
tcp any object-group SFC_NTP_Servers eq 123
******REPLICATION OF CONFIGURATION FROM ACTIVE TO STANDBY UNIT IS INCOMPLETE,
TO PREVENT THE STANDBY UNIT TAKING OVER AS ACTIVE WITH A PARTIAL CONFIGURATION,
THE STANDBY UNIT WILL NOW REBOOT*******
If the sync fails, is that something in the configuration that causes sync failures or is that a physical connectivity issue? I don't have that much experience with the FWSM failover yet (I've only done this with the PIX 500 series previously).
Any help or suggestions would be appreciated.