10-06-2020 12:20 AM
I have two locations running ASA5525s as a cluster in each location. They run an S-2-S VPN between them & replicate some database info using Mirroring.
If I switch Master/Slave then the DB Mirror reports as down. Initially this was suspected to be due to a lack of NAT IPs allocated to the Cluster. I resolved this & the NAT error messages stopped, but the mirror problem persists. I have added reverse route injection to the VPN & set it to be NAT exempt, but still get these mirror broken messages.
Any ideas?
10-06-2020 02:38 AM
We need some more information: your configuration and a high-level diagram of how they are connected.
Post the complete logs here.
10-06-2020 02:46 AM
Wait one, turns out whilst testing this this morning one of the DB servers was doing updates & mirror was broken, so it may be OK. I'll post an update once the DB team have fixed their issue & we have tested again.
10-06-2020 07:44 AM
So after further diagnosis the issue appears to be caused by a differential MTU size between the Master and Slave. When Unit B is Master it provides an MTU of 1436 from DB1 to DB2 for the replication. When Unit A is made master this drops to an MTU of 1358 & traffic fails.
Checking both ASAs, they have MSS set to 1380, so slightly concerned that the path via one FW is below this & the other is above it.
Any ideas greatly appreciated.
Cheers
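An added example, not part of the original thread: a Python sketch that binary-searches the path MTU with don't-fragment probes and checks whether full-size TCP segments at a configured MSS fit each path. It assumes IPv4 without IP options, a 20-byte TCP header, and that the 1436 and 1358 figures above are path MTUs; `ping_probe`, `simulated_path` and the path names are hypothetical helpers, and the demo uses simulated paths so it runs offline.

```python
import subprocess

IP_HDR, ICMP_HDR, TCP_HDR = 20, 8, 20  # assumption: IPv4, no IP options

def ping_probe(host):
    """Real probe: Linux iputils ping with the DF bit set (-M do)."""
    def probe(packet_size):
        payload = packet_size - IP_HDR - ICMP_HDR  # -s sets the ICMP payload size
        cmd = ["ping", "-M", "do", "-c", "1", "-W", "1", "-s", str(payload), host]
        return subprocess.run(cmd, capture_output=True).returncode == 0
    return probe

def simulated_path(mtu):
    """Constructed stand-in for a path that drops DF packets larger than mtu."""
    return lambda packet_size: packet_size <= mtu

def path_mtu(probe, low=576, high=1500):
    """Binary-search the largest IP packet size for which probe() succeeds."""
    if not probe(low):
        return None  # path is down or blocks the probe entirely
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low

def assess(paths, configured_mss):
    """Return per-path MTU and fit of a full-size segment, plus an MSS safe on all paths."""
    full_packet = configured_mss + IP_HDR + TCP_HDR
    report = {}
    for name, probe in paths.items():
        mtu = path_mtu(probe)
        report[name] = {"mtu": mtu, "fits": mtu is not None and full_packet <= mtu}
    mtus = [r["mtu"] for r in report.values() if r["mtu"] is not None]
    safe_mss = min(mtus) - IP_HDR - TCP_HDR if mtus else None
    return report, safe_mss

if __name__ == "__main__":
    # Constructed paths using the two MTU values reported in the thread.
    paths = {"unit_b_master": simulated_path(1436),
             "unit_a_master": simulated_path(1358)}
    report, safe_mss = assess(paths, configured_mss=1380)
    for name, result in report.items():
        print(name, result)
    print("largest MSS that fits every path:", safe_mss)
```

To measure a live path, pass `ping_probe("<peer address>")` in place of `simulated_path(...)` and run it once with each unit active.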