08-11-2010 07:59 AM - edited 03-11-2019 11:23 AM
I have two 5510s as a failover pair.
On the primary (active) unit I see that, from day to day,
the running-configuration accumulates more and more of the same entries,
like this one for example:
access-list NAME remark VPN ueber Group NAME auf NAME
I can delete these entries, but after a few days I have thousands of entries again.
Result of the command: "sh ver"
Cisco Adaptive Security Appliance Software Version 8.0(3)
Device Manager Version 6.1(1)
Compiled on Tue 06-Nov-07 22:59 by builders
System image file is "disk0:/asa803-k8.bin"
Config file at boot was "startup-config"
asa5510 up 7 days 0 hours
failover cluster up 265 days 2 hours
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 64MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0 : address is 0017.5a88.abc0, irq 9
1: Ext: Ethernet0/1 : address is 0017.5a88.abc1, irq 9
2: Ext: Ethernet0/2 : address is 0017.5a88.abc2, irq 9
3: Ext: Ethernet0/3 : address is 0017.5a88.abc3, irq 9
4: Ext: Management0/0 : address is 0017.5a88.abbf, irq 11
5: Int: Internal-Data0/0 : address is 0000.0001.0002, irq 11
6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 250
WebVPN Peers : 10
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
This platform has an ASA 5510 Security Plus license.
08-11-2010 08:11 AM
The curious thing is that the secondary ASA5510 has more of these entries than the primary.
So in MB, the configuration file from the primary is 8 MB and the one from the secondary is 12 MB.
After I delete these thousands of entries, the configuration file is only 74 KB.
08-11-2010 10:52 AM
Hi Marcus,
Do you mostly use ASDM to manage the ASA? Can you try the following via CLI without logging into ASDM?
1. Copy the problematic ACL with the duplicate remarks into a text file
show run access-list NAME
2. Remove all the duplicate remarks in the ACL on the text file
3. Change the access-list name on the text file (for example, to access-list NAME_2)
4. Copy access-list NAME_2 from the text file and paste it into the ASA
5. Change the access-group from NAME to NAME_2
Does this resolve the issue with the duplicate remarks?
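Steps 1 to 4 of the reply above can be done offline on the saved `show run access-list NAME` output. The following is an added example, not part of the original reply and not Cisco tooling; the function name `dedupe_acl` and the sample ACL lines are constructed for illustration, and it keeps each distinct remark once per remark block while leaving the order of the permit/deny entries untouched.

```python
import re

def dedupe_acl(config_text, old_name, new_name):
    """Clean one ACL taken from 'show run access-list' output.

    Returns (lines, dropped): the ACL renamed to new_name with repeated
    remarks removed, and the number of remark lines that were dropped.
    """
    # Whitespace after the name keeps NAME from also matching NAME_2.
    prefix = re.compile(r"^access-list\s+" + re.escape(old_name) + r"\s+(.*)$")
    out, seen_in_block, dropped = [], set(), 0
    for raw in config_text.splitlines():
        m = prefix.match(raw.strip())
        if not m:
            continue  # blank line, prompt, or a different ACL
        body = m.group(1)
        if body.startswith("remark "):
            if body in seen_in_block:
                dropped += 1  # same remark already kept in this block
                continue
            seen_in_block.add(body)
        else:
            # A permit/deny entry ends the remark block. Entries are never
            # reordered or removed, because ACL evaluation is first-match.
            seen_in_block.clear()
        out.append(f"access-list {new_name} {body}")
    return out, dropped

# Constructed sample input; addresses are documentation/private ranges.
SAMPLE = """\
access-list NAME remark VPN ueber Group NAME auf NAME
access-list NAME remark VPN ueber Group NAME auf NAME
access-list NAME remark VPN ueber Group NAME auf NAME
access-list NAME extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
access-list NAME remark web servers
access-list NAME remark VPN ueber Group NAME auf NAME
access-list NAME remark web servers
access-list NAME extended permit tcp any host 192.0.2.10 eq https
access-list OTHER extended deny ip any any
"""

if __name__ == "__main__":
    cleaned, dropped = dedupe_acl(SAMPLE, "NAME", "NAME_2")
    print("\n".join(cleaned))
    print(f"! dropped {dropped} duplicate remark lines")
```

Compare the permit/deny lines of the result against the original before pasting; step 5 (moving the access-group to NAME_2) is still done on the ASA itself.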
08-26-2010 04:51 AM
Finally I have deleted the remark entries where the duplicate problem exists.
Since that time the problem is solved, and I will strongly think about whether I use remark again in that area of the access lists...
PS: Nearly all configuration changes were made with the ASDM.