Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA 5510 Webvpn Problem

I currently have a set of ASA 5510s with security plus, configured with state full active standby fail-over. They have been working for months, running an IPSEC remote access VPN, as well as some OSPF and VLAN stuff etc.

Today I needed to add in webvpn, which is where the problem came.

Once I entered webvpn enable outside, I lost connection to the firewall, and when I went to look at them, both boxes were not active, instead of the secondary being standby, which is why I was unable to get to it. So I powered off the second one, and the primary started working just fine.

I have not been able to figure out why enabling webvpn caused me to loose connection to the firewall for 1, but even if that is normal, why did it make the secondary firewall go active?

I checked the configured on the second firewall, and all configuration is replicated except the webvpn and webvpn sub configuration commands, which is very odd. I am not having a problem getting the secondary firewall re-synced with the primary, and was wondering if anyone has seem similar problems. I ended up clearing the configuration on the secondary and unplugging it, and then only putting the fail-over commands in, and trying to start that one from scratch, but no luck,the configuration wont sync and if I do write standby for manual sync, it says in progress, try again later, but its been that way for hours etc, so not sure what could be wrong there. I am thinking something is just hung and I may need to reboot the primary, but this is a production firewall, so would be the last resort.

Any help is appreciated, thanks.


Re: ASA 5510 Webvpn Problem

Very odd that enabling SSL webvpn on outside interface brakes connectivity , this seems behaviour of a bug. What version code are you running to see if there is any bug resambling this issue, post the output of "show version" from both the active and standby..



Community Member

Re: ASA 5510 Webvpn Problem

Software Version 8.0(3)

CreatePlease to create content