02-15-2010 04:36 AM - edited 03-11-2019 10:09 AM
I have a pair of 5520's running OS v. 8.2.(1) in a LAN based active/standby failover configuration.
Over the weekend, some failover testing was performed and we found to our dismay that the ASA configs were not in sync ! We've checked all interface logs and counters, combed through the syslogs for the ASA's and the switches involved but could find no apparent reason for the mismatch other than that the primary/active ASA hasn't been pushing the config changes to the secondary/backup ASA when performed.
Is this a known Problem with the running OS or could there be other factors involved which we have not perceived up until now ?
Many thanks in advance,
Phil
02-15-2010 04:44 AM
02-15-2010 04:58 AM
Hi Francisco,
there was absolutely no indication that the configs were out of sync, nothing visible from the CLI or ASDM. The sync errors are not only confined to various VPN ACL's but to other VPN parameters as well. If there is a known bug in the running OS then an upgrade should help.
That's something we've had planned for a while but due to .............never got round to it.
Many thanks,
Phil
02-15-2010 06:20 AM
Pls. make sure you can copy a sample text file to the flash of the standby unit via tftp.
If you can't then there is a problem with flash and you may have to run fsck on flash which may resolve the issue.
-KS
02-15-2010 07:11 AM
Hi Kusankar,
I don't have a tftp server I can use in the ASA network due to the ASA's file transfer capabilities for http etc. If the oppertunity arrises, I'll test what you suggested.
Many thanks,
Phil
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide