Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
720
Views
0
Helpful
0
Replies

asa 5545 A/S failover: sync of config to standby fails

meijerivo
Level 1
Level 1

‎04-08-2014 06:19 AM - edited ‎03-11-2019 09:02 PM

Hi,

We have an issue with active standby failover synchronization in the two ASA 5545 9.1 versions:

The synchronization does not happen to the standby unit.

Are there known issues?

After removing and connecting them directly by a utp cable (including a powerdown and reconfiguration of the same failover commands) in G0/6 failover synchronization works. So after putting the ASA's back in production everything was fine and configuration adds were synchronized to the standby. So everything seems to be all right again, but after loss of the Failover link the problem is back again. Now the situation is the Active tries to synchonise and does not stop this process. Also disabling failover is not allowed anymore at that moment. It finds a mate but hangs in the process of synchronizing.

This problem earlier seen, happened after a reboot of one of the switch stacks (for maintenance) and is back now back and synchronization does not work anymore. To reduce the cause of the issue we also tried to directly connect both asa's by separate switches (only connecting the failover interface G0/6) :   Standby-asa--utpcable---switch---fiber-to-other-mer----switch-utp---Active_ASA, in the live network but the active unit can't sync with the standby

the failover link we want use is a dedicated vlan between two 3750 stacks connected to two MER's were a 5545 is located, but also with a dedicated failover link we have tested this issue remains in the live network. However all these changes still don't make the synchronization happen. The config is quite big (over 10,000 line with many static translations). It seems the primary unit tries to synchronize the config but can't really do this. The failover looks good and when typing show failoer we see the mate and message synchronizing to the standby.

config part:

failover
failover lan unit primary
failover lan interface Lan_Failover GigabitEthernet0/6
failover polltime interface 3 holdtime 25
failover key xxx
failover replication http
failover link Lan_Failover GigabitEthernet0/6
failover interface ip Lan_Failover 192.168.200.1 255.255.255.0 standby 192.168.200.2
monitor-interface abc
monitor-interface def
monitor-interface ghi

1 person had this problem
Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card