Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Known reasons for ASA 5520 configs to become out of sync in FO pair

I have a pair of 5520's running OS v. 8.2.(1) in a LAN based active/standby failover configuration.

Over the weekend, some failover testing was performed and we found to our dismay that the ASA configs were not in sync ! We've checked all interface logs and counters, combed through the syslogs for the ASA's and the switches involved but could find no apparent reason for the mismatch other than that the primary/active ASA hasn't been pushing the config changes to the secondary/backup ASA when performed.

Is this a known Problem with the running OS or could there be other factors involved which we have not perceived up until now ?

Many thanks in advance,

Phil

4 REPLIES

Re: Known reasons for ASA 5520 configs to become out of sync in

New Member

Re: Known reasons for ASA 5520 configs to become out of sync in

Hi Francisco,

                   

there was absolutely no indication that the configs were out of sync, nothing visible from the CLI or ASDM. The sync errors are not only confined to various VPN ACL's but to other VPN parameters as well. If there is a known bug in the running OS then an upgrade should help.

That's something we've had planned for a while but due to .............never got round to it.

Many thanks,

Phil

Cisco Employee

Re: Known reasons for ASA 5520 configs to become out of sync in

Pls. make sure you can copy a sample text file to the flash of the standby unit via tftp.

If you can't then there is a problem with flash and you may have to run fsck on flash which may resolve the issue.

-KS

New Member

Re: Known reasons for ASA 5520 configs to become out of sync in

Hi Kusankar,

                    I don't have a tftp server I can use in the ASA network due to the ASA's file transfer capabilities for http etc. If the oppertunity arrises, I'll test what you suggested.

Many thanks,

Phil

423
Views
0
Helpful
4
Replies
CreatePlease login to create content