Last night my firewall failed over to the secondary suddenly and I am still trying to find the root cause. Looking at the log and history, I saw the reason for the failover was "Service card in other unit has failed". Further investigating, the card is the SSM according to the Cisco web page. So I think it is the AIP-SSM card. I still do not know why the card failed and triggered the failover. The ASA is running code 8.0.4. Right now the secondary is still the active ASA. We have the Netscaler in the DMZ doing web hosting. Could it be too much traffic for the ASA and/or AIP-SSM to handle? Any ideas are appreciated.
Thanks Dileep. My thought is the same, since the SSM inline will cause some problems with throughput.
I tried to check the logs on the IPS but did not see anything out of the ordinary (I think), since I am not able to show any actual events back on January 14, just TCP traffic in general, and there is no indication of an attack. For sure I was able to see the ASA CPU hit around 75%, whereas normally it is between 40% and 45% when traffic is around 350M. When the failover happened, there were a few spikes around 530M, and the secondary is working fine.

I am planning to remove inspect http from the global policy inspection. Any idea how the ASA behaves when the http inspection is removed? Is it a good idea?
Thank you for the answer on the other question. I know you did mention it will cause some problems if http inspection is removed; is it going to be a big problem because http will not be inspected by the IPS?
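One way to pull the failover switch events and their reasons out of exported ASA syslog, so the service-card failure can be counted and dated rather than eyeballed in the history. This is an added example and is not code from this thread or from Cisco: the sample log lines are constructed, the hostnames and connection messages are made up, and the `%ASA-1-104001` / `%ASA-1-104002` "Switching to ACTIVE/STANDBY - reason" layout is assumed from the standard ASA syslog format. The reason string "Service card in other unit has failed" is the one quoted in the thread.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample syslog, not taken from the thread. The 104001/104002
# message shape is an assumption about the ASA syslog format; the
# "Service card in other unit has failed" reason is the one the thread quotes.
SAMPLE_SYSLOG = """\
Jan 14 2009 02:11:03 fw-primary %ASA-6-302013: Built inbound TCP connection 12345 for outside:203.0.113.10/51234 (203.0.113.10/51234) to dmz:10.1.1.5/80 (198.51.100.5/80)
Jan 14 2009 02:11:07 fw-secondary %ASA-1-104001: (Secondary) Switching to ACTIVE - Service card in other unit has failed.
Jan 14 2009 02:11:09 fw-primary %ASA-6-302014: Teardown TCP connection 12345 for outside:203.0.113.10/51234 to dmz:10.1.1.5/80 duration 0:00:06 bytes 4820 TCP FINs
Jan 15 2009 09:30:00 fw-secondary %ASA-1-104002: (Secondary) Switching to STANDBY - Set by the config command.
"""

# Matches only the failover state-change messages; everything else is ignored.
FAILOVER_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) +(?P<host>\S+) +"
    r"%ASA-\d-10400[12]: \((?P<unit>Primary|Secondary)\) "
    r"Switching to (?P<state>ACTIVE|STANDBY) - (?P<reason>.+?)\.?$"
)

# Reason text quoted in the thread for the AIP-SSM failure.
SERVICE_CARD_REASON = "Service card in other unit has failed"


@dataclass
class FailoverEvent:
    timestamp: str
    host: str
    unit: str       # which unit logged it: Primary or Secondary
    new_state: str  # ACTIVE or STANDBY
    reason: str     # failover reason with the trailing period stripped


def parse_failover_events(log_text: str) -> List[FailoverEvent]:
    """Return every failover state change found in the syslog text, in order."""
    events: List[FailoverEvent] = []
    for line in log_text.splitlines():
        m = FAILOVER_RE.match(line.strip())
        if m:
            events.append(FailoverEvent(m["ts"], m["host"], m["unit"],
                                        m["state"], m["reason"]))
    return events


def service_card_failovers(events: List[FailoverEvent]) -> List[FailoverEvent]:
    """Only the transitions to ACTIVE that were caused by the peer's SSM failing."""
    return [e for e in events
            if e.new_state == "ACTIVE" and e.reason == SERVICE_CARD_REASON]


def reason_summary(events: List[FailoverEvent]) -> Dict[str, int]:
    """Count failover events per reason, to tell a one-off from a recurring fault."""
    return dict(Counter(e.reason for e in events))


if __name__ == "__main__":
    found = parse_failover_events(SAMPLE_SYSLOG)
    for e in found:
        print(f"{e.timestamp} {e.host} ({e.unit}) -> {e.new_state}: {e.reason}")
    print("SSM-caused failovers:", len(service_card_failovers(found)))
    print("By reason:", reason_summary(found))
```

Pointed at a syslog export covering the last few months, the per-reason count shows whether the service-card reason has appeared before (a recurring SSM fault under load) or only once, and the timestamps can be lined up against the CPU and throughput spikes mentioned above.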