Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2539
Views
0
Helpful
1
Replies

ASA Failover Config Sync infinite time

pemasirid
Level 1
Level 1

‎11-16-2011 12:02 PM - edited ‎03-11-2019 02:52 PM

Hi,

We have ASA running code 8.0.4 with Active/Standby for quite long time. Today when we gave the command wri standby it started sync the config to standby ASA but waited forever.

when we checked the show failover, we got the following result.

This host: Secondary - Active

                Active time: 1928633 (sec)

                slot 0: ASA5540 hw/sw rev (2.0/8.0(4)) status (Up Sys)

                  Interface PERIMETER-MGMT (10.12.8.1): Normal (Not-Monitored)

                  Interface OUTSIDE (86.36.xx.xx): Normal (Waiting)

                  Interface GUEST-WIRELESS1 (10.13.102.1): Normal (Not-Monitored)

                  Interface GUEST-WIRELESS2 (10.13.103.1): Normal (Not-Monitored)

                  Interface INSIDE (10.13.122.1): Normal (Waiting)

                  Interface DMZ-MGMT (10.12.9.1): Normal (Not-Monitored)

                  Interface DMZ (10.13.96.1): Normal (Waiting)

                  Interface DMZ-PUB (86.36.xx.xx): Normal (Waiting)

                  Interface management (0.0.0.0): No Link (Waiting)

               slot 1: ASA-SSM-40 hw/sw rev (1.0/7.0(3)E4) status (Up/Up)

                  IPS, 7.0(3)E4, Up

        Other host: Primary - Sync Config

                Active time: 6908633 (sec)

                slot 0: ASA5540 hw/sw rev (2.0/8.0(4)) status (Up Sys)

                  Interface PERIMETER-MGMT (10.12.8.2): Normal (Not-Monitored)

                  Interface OUTSIDE (86.36.xx.xx): Normal (Waiting)

                  Interface GUEST-WIRELESS1 (10.13.102.2): Normal (Not-Monitored)

                  Interface GUEST-WIRELESS2 (10.13.103.2): Normal (Not-Monitored)

                  Interface INSIDE (10.13.122.2): Normal (Waiting)

                  Interface DMZ-MGMT (10.12.9.2): Normal (Not-Monitored)

                  Interface DMZ (10.13.96.2): Normal (Waiting)

                  Interface DMZ-PUB (86.36.xx.xx): Normal (Waiting)

                  Interface management (0.0.0.0): No Link (Waiting)

                slot 1: ASA-SSM-40 hw/sw rev (1.0/7.0(3)E4) status (Unresponsive/Down)

                  IPS, 7.0(3)E4, Not Applicable

When we console to Standby ASA and tried to save (wri mem), we  got the following error and also please note the hostname has become default...?

ciscoasa(config)# wri memory

Building configuration...

Command Ignored, Configuration in progress...

[FAILED]

and when we tried to give following command we got this error:

ciscoasa(config)# copy running-config startup-config

Source filename [running-config]?

%Error reading system:/running-config (Configuration temporarily locked)

ciscoasa(config)#

I see here the standby ASA IPS module is down, but can that issue cause not sync the config backup and writing to nvram (save config)..?

Appreciate if someone can reply what can cause this issue..?

Labels:
0 Helpful
1 Reply 1

Maykol Rojas
Cisco Employee
Cisco Employee

‎11-16-2011 04:36 PM

Hi,

What happen if you issue "failover reset" command? Some of the interfaces are having problems. What I would do first is just try to have the interfaces that show "waiting" to normal state and then issue the failover reset. The problem may obbey to the faulty SSM module. Try resetting the module again and check if it comes to up state again.

Let me know.

Mike

Mike
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card