07-19-2012 03:57 AM
Hi,
We have a pair of ACE20-MOD-K9 in Fault Tolerant mode. They are running multiple contexts and we have a problem with one particular context which is running SSL off-loading. Despite the config being identical on both (except for the peer addresses obviously) and both having the same SSL Key and Cert files loaded on both, the configuration will not sync between them.
Here are the outputs from both:
XXXX-DC2-00-ACE1/XXXXX-CISCO-QUAD-SERVICES# sh ft group brief
FT Group ID: 8 My State:FSM_FT_STATE_ACTIVE Peer State:FSM_FT_STATE_STANDBY_COLD
Context Name: XXXXX-CISCO-QUAD-SERVICES Context Id: 2 Running Cfg Sync Status: Successful
XXXX-DC1-00-ACE1/XXXXX-CISCO-QUAD-SERVICES# sh ft group brief
FT Group ID: 8 My State:FSM_FT_STATE_STANDBY_COLD Peer State:FSM_FT_STATE_ACTIVE
Context Name: XXXXX-CISCO-QUAD-SERVICES Context Id: 11 Running Cfg Sync Status: Successful
XXXX-DC2-00-ACE1/XXXXX-CISCO-QUAD-SERVICES# sh ft group stat
FT Group : 8
Configured Status : in-service
Maintenance mode : MAINT_MODE_OFF
My State : FSM_FT_STATE_ACTIVE
Peer State : FSM_FT_STATE_STANDBY_COLD
Peer Id : 1
No. of Contexts : 1
Running cfg sync status : Peer in Cold State. Incremental Sync Failure: SSL Keyfile does not exist
Startup cfg sync status : Peer in Cold State. Incremental Sync Failure: SSL Keyfile does not exist
XXXX-DC1-00-ACE1/XXXXX-CISCO-QUAD-SERVICES# sh ft group stat
FT Group : 8
Configured Status : in-service
Maintenance mode : MAINT_MODE_OFF
My State : FSM_FT_STATE_STANDBY_COLD
Peer State : FSM_FT_STATE_ACTIVE
Peer Id : 1
No. of Contexts : 1
Running cfg sync status : Incremental Sync Failure: SSL Keyfile does not exist
Startup cfg sync status : Incremental Sync Failure: SSL Keyfile does not exist
XXXX-DC2-00-ACE1/XXXXX-CISCO-QUAD-SERVICES# sh crypto file
Filename                    File  File  Expor  Key/
                            Size  Type  table  Cert
-----------------------------------------------------------------------
fn42604_cert.pem            1850  PEM   Yes    CERT
fn42604_privatekey.pem      1679  PEM   Yes    KEY
quad2.pem                   1675  PEM   Yes    KEY
quad2_cer.pem               2582  PEM   Yes    CERT
quad_prod_abbrv             1675  PEM   Yes    KEY
quad_prod_abbrv_cer.pem     2556  PEM   Yes    CERT
quad_prod_fqdn              1675  PEM   Yes    KEY
quad_prod_fqdn_cer.pem      2578  PEM   Yes    CERT
XXXX-DC1-00-ACE1/XXXXX-CISCO-QUAD-SERVICES# sh crypto file
Filename                    File  File  Expor  Key/
                            Size  Type  table  Cert
-----------------------------------------------------------------------
fn42604_cert.pem            1850  PEM   Yes    CERT
fn42604_privatekey.pem      1679  PEM   Yes    KEY
quad2.pem                   1675  PEM   Yes    KEY
quad2_cer.pem               2582  PEM   Yes    CERT
quad_prod_abbrv             1675  PEM   Yes    KEY
quad_prod_abbrv_cer.pem     2556  PEM   Yes    CERT
quad_prod_fqdn              1675  PEM   Yes    KEY
quad_prod_fqdn_cer.pem      2578  PEM   Yes    CERT
All the Crypto files are identical as I copied them from one ACE to the other.
Can anyone shed any light on why this context is not syncing its configuration?
Thanks,
Dom Wilkinson
07-19-2012 04:03 AM
Hi,
Can you restart autosync and see if it fixes the issue?
no ft auto-sync startup-config
no ft auto-sync running-config
ft auto-sync startup-config
ft auto-sync running-config
Regards,
Siva
07-19-2012 04:11 AM
Hi Siva,
Thanks for that! That fixed the problem.
I'll remember that one in future!
Cheers,
Dom.
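An added example, not part of the thread and not Cisco tooling: a Python check over captured `sh ft group stat` and `sh crypto file` output that flags a cold standby, any sync failure text, and crypto files whose name, size or type differ between peers. It assumes the `Field : value` and column layouts quoted in the thread; the function names and the sample strings are constructed for illustration.

```python
import re

# Constructed sample input, modelled on the output quoted in the thread.
ACTIVE_STATUS = """\
FT Group : 8
Configured Status : in-service
My State : FSM_FT_STATE_ACTIVE
Peer State : FSM_FT_STATE_STANDBY_COLD
Running cfg sync status : Peer in Cold State. Incremental Sync Failure: SSL Keyfile does not exist
Startup cfg sync status : Peer in Cold State. Incremental Sync Failure: SSL Keyfile does not exist
"""
CRYPTO_A = "quad2.pem 1675 PEM Yes KEY\nquad2_cer.pem 2582 PEM Yes CERT\n"
CRYPTO_B = "quad2.pem 1675 PEM Yes KEY\n"  # constructed: cert missing on this peer

def parse_status(text):
    """Turn 'Field : value' lines into a dict, splitting on the first ' : ' only."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def sync_problems(text):
    """List redundancy problems visible in one unit's status output."""
    fields = parse_status(text)
    problems = []
    for side in ("My State", "Peer State"):
        if fields.get(side, "").endswith("STANDBY_COLD"):
            problems.append(f"{side} is {fields[side]}")
    for key, value in fields.items():
        if "sync status" in key and "Failure" in value:
            problems.append(f"{key}: {value}")
    return problems

def parse_crypto(text):
    """Map filename -> (size, type, KEY/CERT); header and rule lines do not match."""
    files = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\S+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(KEY|CERT)\s*$", line)
        if m:
            files[m.group(1)] = (int(m.group(2)), m.group(3), m.group(5))
    return files

def crypto_diff(a_text, b_text):
    """Names of crypto files that are missing or differ between the two peers."""
    a, b = parse_crypto(a_text), parse_crypto(b_text)
    return sorted(n for n in a.keys() | b.keys() if a.get(n) != b.get(n))
```

Matching names and sizes do not prove the key material is the same on both peers. An empty `crypto_diff` together with a non-empty `sync_problems` is the situation described in this thread.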