Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
550
Views
0
Helpful
4
Replies

FWSM Continuous Reload of Standby Unit due to Synchronization Problem

CSCO11390255
Level 1
Level 1

‎08-31-2009 08:59 AM - edited ‎03-11-2019 09:11 AM

Hi, the following error message apears in the secondary FWSM unit:

Config Sync Error: Following command could not be executed on standby

access-list privilegeados commit-status committed line 83 extended permit ip host 172.26.55.67 any time-range VERASLAB#5PIEDRAS

Context: single_vf

******REPLICATION OF CONFIGURATION FROM ACTIVE TO STANDBY UNIT IS INCOMPLETE,

TO PREVENT THE STANDBY UNIT TAKING OVER AS ACTIVE WITH A PARTIAL CONFIGURATION,

THE STANDBY UNIT WILL NOW REBOOT*******

In the begging I tought it was a lack of resources, but I'm using single context mode and have enough free resources.

The following message appears on the 7600 primary unit: %SVCLC-5-FWTRUNK: Firewalled VLANs configured on trunks

I removed the ACL and the standby FWSM unit stop rebooting.

¿What can be causing this problem?

Labels:
0 Helpful
4 Replies 4

Yudong Wu
Level 7
Level 7

‎08-31-2009 10:01 AM

what code FWSM is running?

0 Helpful

CSCO11390255
Level 1
Level 1
In response to Yudong Wu

‎08-31-2009 10:34 AM

Hi, I have the following configuration applied:

interface Vlan201

nameif inside

security-level 100

ip address X.X.X.X X.X.X.X standby X.X.X.X

interface Vlan210

nameif outside

security-level 0

ip address Y.Y.Y.Y Y.Y.Y.Y standby Y.Y.Y.Y

failover

failover lan unit primary

failover lan interface f_over Vlan211

failover interface ip f_over Z.Z.Z.Z Z.Z.Z.Z standby Z.Z.Z.Z

monitor-interface inside

monitor-interface outside

The FWSM is version:

FWSM Firewall Version 3.2(2)

0 Helpful

Yudong Wu
Level 7
Level 7
In response to CSCO11390255

‎08-31-2009 10:56 AM

Not sure if it is a bug but I did not find one so far.

So you removed that ACL entry to fix the issue?

Can you try to add time-range config first and then sync the config between active and standby? and then config that ACL entry and try to sync config again.

You might need open a TAC case to furhter investigation.

0 Helpful

CSCO11390255
Level 1
Level 1
In response to Yudong Wu

‎08-31-2009 11:26 AM

Yes, I removed the ACL and the standby FWSM unit stop rebooting.

I'll tried with your recommendations and I'll let you know.

Thanks a lot for your help.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card