I have a pair of ASA5520, each has a CSC-SSM module, all specs and licences match and the ASA failover between active and passive firewalls works as expected. However, I am unable to get the two content modules to sync. ASA are running 8.4... and attach diagram show cabling. Each CSC-SSM uses it's connected port as a gateway, although I've tried using both primary and standby IP.
When I try to sync the devices as per the Trend Micro instructions I get the error:
"InterScan for CSC SSM could not establish a connection with the failover peer device. Please verify network connectivity with the peer and that the peer is functioning properly, then try again."
All interfaces are up/up. I cannot see the other CSC-SSM in either ASA's arp table. Neither CSC-SSM can ping the other, and none of the guides I've found so far details the pre sync config of the CSC-SSMs. Any help will be greatly appreciated!
Thank you for responding. This was the manual I followed, however it doesn't outline the cabling between the ASA and CSC-SSM's, or the IP addressing. So I've configured each device as I would for a stand alone ASA & module, the problem being that the two CSC-SSM have no path to talk to each other, there is no layer 2 or 3 path between them. I have considered introducing a switch between them to allow a layer 2 path, but I would have thought that if this were part of the product design from Cisco it would have been mentioned in the documentation?
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...