Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1300
Views
0
Helpful
6
Replies

ASA5520 CSC-SSM Failover Sync Problems

ifbnetworkops
Level 1
Level 1

‎05-18-2012 04:56 AM - edited ‎03-11-2019 04:08 PM

Hi,

I have a pair of ASA5520, each has a CSC-SSM module, all specs and licences match and the ASA failover between active and passive firewalls works as expected. However, I am unable to get the two content modules to sync. ASA are running 8.4... and attach diagram show cabling. Each CSC-SSM uses it's connected port as a gateway, although I've tried using both primary and standby IP.

When I try to sync the devices as per the Trend Micro instructions I get the error:

"InterScan for CSC SSM could not establish a connection with the failover peer device. Please verify network connectivity with the peer and that the peer is functioning properly, then try again."

All interfaces are up/up. I cannot see the other CSC-SSM in either ASA's arp table. Neither CSC-SSM can ping the other, and none of the guides I've found so far details the pre sync config of the CSC-SSMs. Any help will be greatly appreciated!

Labels:
Preview file
40 KB
0 Helpful
6 Replies 6

Julio Carvajal
VIP Alumni
VIP Alumni

‎05-19-2012 01:00 AM

Hello,

Can you check the configuration related to the log you are getting on the following document,

http://www.cisco.com/en/US/docs/security/csc/csc60/administration/guide/csc6.html

Afterwards let me know if you have any question.,

Regards,

Do rate all the helpful posts

Julio

Cisco Security Engineer

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni

‎05-19-2012 01:01 AM

Hello,

Can you check the configuration related to the log you are getting on the following document,

http://www.cisco.com/en/US/docs/security/csc/csc60/administration/guide/csc6.html

Afterwards let me know if you have any question.,

Regards,

Do rate all the helpful posts

Julio

Cisco Security Engineer

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

ifbnetworkops
Level 1
Level 1
In response to Julio Carvajal

‎05-20-2012 05:29 AM

Hi

Thank you for responding. This was the manual I followed, however it doesn't outline the cabling between the ASA and CSC-SSM's, or the IP addressing. So I've configured each device as I would for a stand alone ASA & module, the problem being that the two CSC-SSM have no path to talk to each other, there is no layer 2 or 3 path between them. I have considered introducing a switch between them to allow a layer 2 path, but I would have thought that if this were part of the product design from Cisco it would have been mentioned in the documentation?

Thanks again.

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to ifbnetworkops

‎05-20-2012 03:28 PM

Hello,

The CSC module got to be on the same subnet than the ASA ( THE CSC will use the ASA as the default gateway)

Can you confirm if you have it like that?

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

ifbnetworkops
Level 1
Level 1
In response to Julio Carvajal

‎05-21-2012 01:07 AM

Yes, I can confirm that, as detailed in the diagram I attached to the origonal post.

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to ifbnetworkops

‎05-21-2012 10:36 AM

Hello,

From the CSC..Can you ping 4.2.2.2? On both CSC's

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card