Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4007
Views
0
Helpful
6
Replies

Error connecting to cluster in Cisco Email Security Appliance C190

Amira Saad
Level 1
Level 1

‎12-18-2016 05:10 AM

Dear all

i have Cisco Email Security Appliance C190 with Version: 9.1.2-036

And i get this  Warning message

 

Error connecting to cluster machine xxxxxxx.xxxxxxxxxx.com (Serial #: XXXXXXXXXXXXXXX) at IP x.x.x.x - Existing connection dropped -

 

Version: 9.1.2-036

Serial Number: xxxxxxxxxxxxx

Timestamp: 18 Dec 2016 13:33:05 +0200

1 person had this problem
Labels:
0 Helpful
6 Replies 6

dmccabej
Cisco Employee
Cisco Employee

‎12-18-2016 12:04 PM

Hello Amira,

Generally, every clustered machine establishes an SSH connection to all other machines in the cluster. Clustered machines ping each other every 2 minutes to verify the connectivity. If a machine does not receive a response form the other end within 2 minutes, it closes the connection and establishes a new one.

If this is a one time alert then the probable cause is most likely some network latency. 

You can review the current cluster connectivity via the CLI by using the following commands : clusterconfig --> connstatus. You can also perform telnet tests from one ESA to another via port 22 or 2222 (whichever the cluster is using) to verify current connectivity.

Thanks!

-Dennis M.

0 Helpful

Amira Saad
Level 1
Level 1
In response to dmccabej

‎12-18-2016 11:21 PM

hello dmccabej

actually they are connected by ping and ssh and all configuration is made on cluster simultaneously but i received this message as warning on my email 

i have no idea for what is the cause ?

0 Helpful

martin.eppler
Level 1
Level 1
In response to Amira Saad

‎12-18-2016 11:27 PM

Hello Amira,

do you have a firewall in between the cluster connection, that may drop persistent connections after a given time?

Best regards,

Martin

0 Helpful

Amira Saad
Level 1
Level 1
In response to martin.eppler

‎12-19-2016 02:25 AM

Actually yes i have a firewall in between  but the connection is working  good

IS there any firewall can work and stop and work again , As the cluster is working normally

0 Helpful

dmccabej
Cisco Employee
Cisco Employee
In response to Amira Saad

‎12-19-2016 06:27 AM

Hello Amira,

Since the cluster members are currently connected successfully, and unless this is alerting often, then I think at this point it's safe to ignore. More than likely a transient network related issue.

If you wish though, you can certainly go down the path of checking the timeouts on the firewall as Martin suggested to help mitigate future errors.

Thanks!

-Dennis M.

0 Helpful

martin.eppler
Level 1
Level 1
In response to Amira Saad

‎12-19-2016 06:32 AM

Hello Amira,

the issue with the firewall may be that it sees SSH connections between the appliances without actual traffic. It may then assume it is a stalled connection and drops it. The ESAs then try to re-establish the SSH connection (which works fine) and is sending the warning message which you have indicated in your first post.

I'd recommend to review your firewall if it indeed drops connections in case there is no traffic on it for a given time interval. If the given warning message is sent in regular intervals (e.g. 5 or 10 minutes), you could approach your firewall administrator asking if there is a timeout for connections set up on the firewall with the observed interval.

As Dennis already stated, not a point to be concerned as it has no operational impact. However, in order to get rid of the warning messages, I'd recommend to check the firewall here.

Best regards,

Martin 

0 Helpful
Customers Also Viewed These Support Documents