strange ASA error message after update

Unanswered Question
Aug 9th, 2010

Hi,

we are running two 5520 ASAs in Active-Standby-Failover and since we flashed the ASA to the newest

interim firmware release 8.2(2)17, we see the following entry:

%ASA-5-720012: (VPN-Secondary) Failed to update IPSec failover runtime data on the standby unit.

This happens every few seconds and about 20 times per second. The documentation just says:

Error Message    %ASA-6-720012: (VPN-unit) Failed to update IPSec failover runtime data 
on the standby unit.

Explanation   This message appears when the VPN failover subsystem cannot update IPSec-related  runtime data because the corresponding IPSec tunnel has been deleted on the standby unit.

unit—Either Primary or Secondary

Recommended Action   None required.

Although the error message just is a level-5 message, it's a bit worrying, because it shows that the

secondary ASA out of sync concerning IPsec failover data.

Does anyone has any ideas what to do?

Is it just due to the new firmware, that makes the ASA more chatty or is it maybe a more severe problem?

Thanks!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jason Gervia Mon, 08/09/2010 - 05:31

Peter,


This looks like a new bug that hasn't been addressed yet.  I would open a TAC case so that they are aware and can work with the developers and get the issue resolved.

--Jason

network770 Tue, 08/30/2011 - 08:19

Has this issue been resolved, I am getting the following error :

(VPN-Secondary) Failed to update IPSec failover runtime data on the standby unit.

I'm running 8.2(4)4

anjli_jain Tue, 07/22/2014 - 06:57

Solution

These error messages are informative errors. The messages do not impact functionality of the ASA or the VPN.

These messages appear when the VPN failover subsystem cannot update IPsec-related runtime data because the corresponding IPsec tunnel has been deleted on the standby unit. In order to resolve these, run the wr standby command on the active unit.

Thanks

Jai

Peter Tscherner Tue, 07/22/2014 - 07:33

Hi Jai,

the problem has been a bug in the code that has been fixed some time ago.

The messages were not just informational, but the information never got replicated to the standby in our setup.

Best regards,

Markus

 

Actions

This Discussion