Hi. I just had a rather strange problem with an ASA5510. One moment it was working fine and the next moment it stopped passing traffic from the inside interface to any other interface. The funny thing is I could connect to the ASA over VPN but access to anything behind the inside interface was a no go. Also after connecting to the equipment on the inside network via alternate means everything was also fine. The strangest thing is that interfaces on the ASA and on the equipment connected to it were all up, routing was up but traffic to the inside network was not going to happen. We finally reloaded the primary ASA to see if the failover ASA would take over and everything went back to normal. The logs show nothing and according to them everything was OK.
The failover configuration requires two identical security appliances connected to each other through a dedicated failover link and, optionally, a Stateful Failover link. The health of the active interfaces and units is monitored to determine if specific failover conditions are met. If those conditions are met, failover occurs. The security appliance supports two failover configurations, Active/Active failover and Active/Standby failover. Each failover configuration has its own method for determining and performing failover. With Active/Active failover, both units can pass network traffic. This also lets you configure traffic sharing on your network.
One possibility is that an incorrect translation was built and got stuck in the xlate table. I have seen this cause traffic outages many times. You can use the output of 'show xlate debug' to confirm this, but only if the problem is actively happening.
ARP issues are another possibility, but again there is no way to confirm this after the ASA has been reloaded.