Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

asa 5545 A/S failover: sync of config to standby fails


We have an issue with active standby failover synchronization in the two ASA 5545 9.1 versions:

The synchronization does not happen to the standby unit.

Are there known issues?

After removing and connecting them directly by a utp cable (including a powerdown and reconfiguration of the same failover commands) in G0/6 failover synchronization works. So after putting the ASA's back in production everything was fine and configuration adds were synchronized to the standby. So everything seems to be all right again, but after loss of the Failover link the problem is back again. Now the situation is the Active tries to synchonise and does not stop this process. Also disabling failover is not allowed anymore at that moment. It finds a mate but hangs in the process of synchronizing.

This problem earlier seen, happened after a reboot of one of the switch stacks (for maintenance) and is back now back and synchronization does not work anymore. To reduce the cause of the issue we also tried to directly connect both asa's by separate switches (only connecting the failover interface G0/6) :   Standby-asa--utpcable---switch---fiber-to-other-mer----switch-utp---Active_ASA, in the live network but the active unit can't sync with the standby

the failover link we want use is a dedicated vlan between two 3750 stacks connected to two MER's were a 5545 is located, but also with a dedicated failover link we have tested this issue remains in the live network. However all these changes still don't make the synchronization happen. The config is quite big (over 10,000 line with many static translations). It seems the primary unit tries to synchronize the config but can't really do this. The failover looks good and when typing show failoer we see the mate and message synchronizing to the standby.

config part:

failover lan unit primary
failover lan interface Lan_Failover GigabitEthernet0/6
failover polltime interface 3 holdtime 25
failover key xxx
failover replication http
failover link Lan_Failover GigabitEthernet0/6
failover interface ip Lan_Failover standby
monitor-interface abc
monitor-interface def
monitor-interface ghi

CreatePlease login to create content