I have a pair of CAS that I am trying to HA up, but I am running into a bit of drama. I have followed the HA configuration section in the Appliance Hardware installation document to the letter, but it just isn't hooking up as it should.
Both servers are 3355s, and I am setting up the heartbeat over the eth2 interface as a straight layer 2 connection. If both servers are set as standalone in the failover section of the GUI, I am able to ping the heartbeat interface address of each of the servers from each other. Once I configure the primary CAS as per the appliance installation guide, I am not able to ping the eth2 heartbeat address of the primary from the other server. Once I complete the secondary HA setup, I can run tcpdump from the server CLI on the eth2 interface and I can see the 2 heartbeat interfaces requesting and responding to ARP requests from each other successfully. I also see a number of ISAKMP exchanges between the 2 servers, then I see another set of ARP requests. This process of successful ARP requests - ISAKMP exchange, successful ARP requests - ISAKMP exchanges continually runs. But the servers never HA up. The primary reports that the secondary is dead, the secondary states that the primary is dead, and they battle it out on the CAM and usually the secondary wins out and connects up as the active CAS on the CAM.
I am going to capture the tcpdump and upload here, as well as set the support logs on the servers to TRACE and upload here as well.
I just wanted to post up now to get a start on asking for some help, and I will get on the logs and captures in a few hours when I have access again to the kit.
It may or may not be relevant, but the CAS are connected to a VSS 6500, the primary CAS on switch 1 and the secondary CAS on switch 2 of the VSS pair.
Any and all assistance is greatly greatly appreciated.