Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

500 USR SSLVPN Lic killed my Failover config...

Yesterday we I installed the 500 User SSL VPN lic on our ASA-5540 pair (redundant Active/Standby).

Prior to doing so Failover was working fine. My last config session ended around 4:04pm on Friday 2/9/07

and is reflected by the TFTP config file I wrote out when I was done. Then Yesterday after completing the SSL Lic install

I attempted to do my normal config safe routine; wr mem, wr net, wr stand. My wr stand command

returned an error stating that failover must be enabled. This was concerning so I check in ASDM, CLI and performed a diff

on my config file from 2/9/07 and the one from 2/12/07. What I found was that yes failover was disabled. The only changes

showed by the diff on the config were the addition of the SSL as well as enabling SSL VPN on the outside interface.

I have sole admin control of this ASA, the logs show I was the last person to access it on 2/9/07 and then again when I registered

the SSL VPN lice on 2/12/07 and no other portions of the config other than failover and SSL VPN areas were changed.

This points pretty clearly to the SSL VPN changes somehow having caused my failover config to change.

Has anyone else seen this? Any ideas? Considering this is the clients primary firewall and sees activity 24/7 I am

not comfortable making more changes including failover (which appears to need setup from scratch again) until I can

identify the root of the problem. I am also opening a TAC case and will update this post if TAC figures this out before

NetPro does.


CreatePlease login to create content