Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Active-Standby -Client-Site VPN

Dear Experts.

We have Cisco two ASA 5550 which is configured in Active-Standby mode but client-site VPN is not working when secondary unit becomes active. Failover status is showing as " Secondary Active" when primary unit is active all client-site VPN connections are working fine. Both ASA's has 7.2(3) IOS image and DES, 3DES/AES license enables.

We are getting following error messages

IPSEC: Deleted outbound permit rule, SPI 0xBFA351A9

Rule ID: 0x059C3060

IPSEC: Deleted outbound VPN context, SPI 0xBFA351A9

VPN handle: 0x00227DFC


Jan 09 13:23:52 [IKEv1]: Group = DefaultRAGroup, IP = x.x.x.x, Removing peer from peer table failed, no match!

Jan 09 13:23:52 [IKEv1]: Group = DefaultRAGroup, IP = x.x.x.x, Error: Unable to remove PeerTblEntry

Please advise

Hall of Fame Super Silver

One of the things that I have

One of the things that I have seen that can cause symptoms like this is to not have some files in flash of the backup ASA. In particular I suggest that you check for files related to the client VPN. So get the output of show flash from the primary ASA and from the backup ASA and compare them.





CreatePlease login to create content