https://community.cisco.com/t5/network-security/asa-5520-getting-below-error-while-getting-replication-from/m-p/2157655#M358019 <HTML><HEAD></HEAD><BODY><P>By giving below cmd </P><P></P><P>show memory </P><P></P><P>Free memory:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1465222416 bytes (68%)</P><P>Used memory:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 682261232 bytes (32%)</P><P></P><P>We dont have option show mem usage.</P></BODY></HTML> Wed, 17 Apr 2013 14:44:07 GMT mphasis infosec 2013-04-17T14:44:07Z https://community.cisco.com/t5/network-security/asa-5520-getting-below-error-while-getting-replication-from/m-p/2157648#M358003 <P>Hi </P><P></P><P>I have configured the primary firewall every thing seem to be fine, And we have configured failover device while config is getting replicated to the failover device we are getting below error. </P><P></P><P>ERROR: Cannot add policy to rule engine</P><P>ERROR: Unable to assign access-list Lan_out to interface inside</P><P></P><P></P><P>IOS and Model are same.But all the config got replicated from primary to secondary but except the one access group command.</P><P></P><P><STRONG>access-group Lan_out in interface inside</STRONG></P><P></P><P> Thanks</P><P>Diwa</P> Tue, 12 Mar 2019 01:30:08 GMT https://community.cisco.com/t5/network-security/asa-5520-getting-below-error-while-getting-replication-from/m-p/2157648#M358003 mphasis infosec 2019-03-12T01:30:08Z https://community.cisco.com/t5/network-security/asa-5520-getting-below-error-while-getting-replication-from/m-p/2157649#M358006 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Havent faced this issue myself so this is just a pure guess.</P><P></P><P>Is there a chance that someone has been configuring the Secondary firewall and changed the "inside" interface "nameif" to something else?</P><P></P><P>You could confirm this directly logging into the secondary unit and issuing the command "show run interface"</P><P></P><P>Somehow I think though that this might be something else.</P><P></P><P>- Jouni</P></BODY></HTML> Wed, 17 Apr 2013 13:22:45 GMT https://community.cisco.com/t5/network-security/asa-5520-getting-below-error-while-getting-replication-from/m-p/2157649#M358006 Jouni Forss 2013-04-17T13:22:45Z https://community.cisco.com/t5/network-security/asa-5520-getting-below-error-while-getting-replication-from/m-p/2157650#M358007 <HTML><HEAD></HEAD><BODY><P>Hi Jouni,</P><P></P><P>We have verified already and i have logged-in double checked in seconday firewall<STRONG> nameif inside</STRONG>, which is same as primary.</P><P></P><P>-Diwa</P><P></P><DIV class="mcePaste" id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow: hidden;"><IMG /></DIV></BODY></HTML> Wed, 17 Apr 2013 13:29:26 GMT https://community.cisco.com/t5/network-security/asa-5520-getting-below-error-while-getting-replication-from/m-p/2157650#M358007 mphasis infosec 2013-04-17T13:29:26Z https://community.cisco.com/t5/network-security/asa-5520-getting-below-error-while-getting-replication-from/m-p/2157651#M358009 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Have you taken "show run" output from both units and compared them with for example Microsoft Word or some other program to see if there is anything different?</P><P></P><P>Could there be some issue with memory? </P><P></P><P>Is this some Failover setup that has been working before this issue? Or have you just added the secondary unit and you encountered the problem before the setup even got working?</P><P></P><P>Only sync/replication problem I have had with ASA A/S Failover was when the Sync got stuck and wouldnt go through. I ended up removing the Standby unit from the network. Erased its configuration and only configured the configurations required by the Failover and then the Configuration Sync went through without problems.</P><P></P><P>Again these are just guesses and suggestions. I am not sure what the problem might be</P><P></P><P>- Jouni</P></BODY></HTML> Wed, 17 Apr 2013 14:13:18 GMT https://community.cisco.com/t5/network-security/asa-5520-getting-below-error-while-getting-replication-from/m-p/2157651#M358009 Jouni Forss 2013-04-17T14:13:18Z https://community.cisco.com/t5/network-security/asa-5520-getting-below-error-while-getting-replication-from/m-p/2157652#M358011 <HTML><HEAD></HEAD><BODY><P>The first thing mentioned when searching information about the error message hints to a situation where there is not enough memory for the ACL configuration.</P><P></P><P>I think from some software level onwards the ASAs could actually be of different RAM setup.</P><P></P><P>Is it possible that the ASAs have different amount of RAM?</P><P></P><P>You could use "show version" on both units to confirm the RAM setup of each ASA.</P><P></P><P>- Jouni</P></BODY></HTML> Wed, 17 Apr 2013 14:19:51 GMT https://community.cisco.com/t5/network-security/asa-5520-getting-below-error-while-getting-replication-from/m-p/2157652#M358011 Jouni Forss 2013-04-17T14:19:51Z https://community.cisco.com/t5/network-security/asa-5520-getting-below-error-while-getting-replication-from/m-p/2157653#M358013 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P></P><P>I have compared primary &amp; secondary unit running config using compare tool.</P><P>Every thing is identical except the one command is missing from the seconday <STRONG>access-group Lan_out in interface inside</STRONG></P><P></P><P>Changes which we are doing in the primary getting replicated without issue and also<STRONG> sh failover state</STRONG> say</P><P> Sync Done - STANDBY</P><P></P><P>But we found the RAM in primary unit 2 Gb &amp; in secondary is 1 GB.</P><P></P><P>We are planning to erase the config and replicate once again with the primary unit.</P><P></P><P>- Diwa</P></BODY></HTML> Wed, 17 Apr 2013 14:37:57 GMT https://community.cisco.com/t5/network-security/asa-5520-getting-below-error-while-getting-replication-from/m-p/2157653#M358013 mphasis infosec 2013-04-17T14:37:57Z https://community.cisco.com/t5/network-security/asa-5520-getting-below-error-while-getting-replication-from/m-p/2157654#M358016 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>If you have complicated ACLs which for example use "object-group" I imagine the ACLs grow very large and consume a lot of memory. Also other configurations which use the ACLs might be a cause.</P><P></P><P>You could check what is the memory status on the Primary unit which has more RAM</P><P></P><P>Use the command</P><P></P><P><STRONG>show memory usage</STRONG></P><P></P><P>- Jouni</P></BODY></HTML> Wed, 17 Apr 2013 14:40:48 GMT https://community.cisco.com/t5/network-security/asa-5520-getting-below-error-while-getting-replication-from/m-p/2157654#M358016 Jouni Forss 2013-04-17T14:40:48Z https://community.cisco.com/t5/network-security/asa-5520-getting-below-error-while-getting-replication-from/m-p/2157655#M358019 <HTML><HEAD></HEAD><BODY><P>By giving below cmd </P><P></P><P>show memory </P><P></P><P>Free memory:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1465222416 bytes (68%)</P><P>Used memory:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 682261232 bytes (32%)</P><P></P><P>We dont have option show mem usage.</P></BODY></HTML> Wed, 17 Apr 2013 14:44:07 GMT https://community.cisco.com/t5/network-security/asa-5520-getting-below-error-while-getting-replication-from/m-p/2157655#M358019 mphasis infosec 2013-04-17T14:44:07Z