ASA 5545 A/S failover: sync of config to standby fails
We have an issue with active standby failover synchronization in the two ASA 5545 9.1 versions:
The synchronization does not happen to the standby unit.
Are there known issues?
After removing them and connecting them directly by a UTP cable (including a power-down and reconfiguration of the same failover commands) in G0/6, failover synchronization works. So after putting the ASAs back in production everything was fine and configuration adds were synchronized to the standby. So everything seemed to be all right again, but after loss of the failover link the problem is back again. Now the situation is that the Active tries to synchronise and does not stop this process. Also, disabling failover is not allowed anymore at that moment. It finds a mate but hangs in the process of synchronizing.
This problem, seen earlier, happened after a reboot of one of the switch stacks (for maintenance) and is now back, and synchronization does not work anymore. To narrow down the cause of the issue we also tried to directly connect both ASAs by separate switches (only connecting the failover interface G0/6): Standby-asa--utpcable---switch---fiber-to-other-mer----switch-utp---Active_ASA, in the live network, but the active unit can't sync with the standby.
The failover link we want to use is a dedicated VLAN between two 3750 stacks connected to two MERs where a 5545 is located, but also with a dedicated failover link we have tested, this issue remains in the live network. However, all these changes still don't make the synchronization happen. The config is quite big (over 10,000 lines with many static translations). It seems the primary unit tries to synchronize the config but can't really do this. The failover looks good, and when typing show failover we see the mate and the message synchronizing to the standby.
failover
failover lan unit primary
failover lan interface Lan_Failover GigabitEthernet0/6
failover polltime interface 3 holdtime 25
failover key xxx
failover replication http
failover link Lan_Failover GigabitEthernet0/6
failover interface ip Lan_Failover 192.168.200.1 255.255.255.0 standby 192.168.200.2
monitor-interface abc
monitor-interface def
monitor-interface ghi