Solved: Hello VibhorI am having a

isaacalves27 · ‎07-21-2015

Hello community

We have configured our 5585-X SSP20 as in the following document:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ha_cluster.html#pgfId-1554629

Both ASAs are connected to our VSS - 6509

System image file is "sup-bootflash:/s72033-ipservicesk9_wan-mz.122-33.SXJ7.bin

And both FW are using the samme OS - System image file is "disk0:/asa922-4-smp-k8.bin

The FWs can ping each other with no issues. But when I add the second one the following error occurs:

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ASA2(cfg-cluster)# enable
WARNING: Strongly recommend to configure a virtual MAC address for each span-cluster port-channel interface or all subinterfaces of it in order to achieve best stability of span-cluster port-channel during unit join/leave.
ASA2(cfg-cluster)# cluster_ccp_make_rpc_call failed to clnt_call. msg is CCP_MSG_REGISTER, ret is RPC_SYSTEMERROR
Cluster disable is performing cleanup..done.
All data interfaces have been shutdown due to clustering being disabled. To recover either enable clustering or remove cluster group configuration.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Someone can point us int the right direction?

Best regards

Isaac Alves

Vibhor Amrodia · ‎07-21-2015

Hi,

Can you post the configuration from the ASA device ?

Thanks and Regards,

Vibhor Amrodia

View solution in original post

Vibhor Amrodia · ‎07-21-2015

Hi,

Correct as this RPC error is quite generic and might related to something in the configuration as well.

Thanks and Regards,

Vibhor Amrodia

View solution in original post

Vibhor Amrodia · ‎07-21-2015

Hi,

Can you post the configuration from the ASA device ?

Thanks and Regards,

Vibhor Amrodia

isaacalves27 · ‎07-21-2015

Hello Vibhor

Thank you for trying to help us out.

In attachement our cluster configuration.

I have checked SSL but there are no issues there:

http://www.cisco.com/image/gif/paws/116108/116108-problem-slave-asa-00.pdf

Best regards

isaacalves27 · ‎07-21-2015

Hello Vibhor

I have started again from a fresh config - configuration factory-reset and added this minimum config:

!ASA2
mtu cluster 9000
!
interface GigabitEthernet0/5
channel-group 23 mode on
no sh
!
interface GigabitEthernet0/6
channel-group 23 mode on
no sh
!
interface Port-channel23
no sh
!
cluster group ASA_CLUSTER
key ***
local-unit ASA2
cluster-interface Port-channel23 ip 192.168.1.2 255.255.255.240
priority 2
enable as-slave
!

And it did the trick :)

Cluster unit ASA2 transitioned from DISABLED to SLAVE

Thanks for your help

Vibhor Amrodia · ‎07-21-2015

Hi,

Correct as this RPC error is quite generic and might related to something in the configuration as well.

Thanks and Regards,

Vibhor Amrodia

isaacalves27 · ‎07-23-2015

Hello Vibhor

I am having a strange issue with the management adresses of my SLAVE FW. The MASTER FW is replying to the arp requests made to the SLAVE management address. Other host in the same have no issues on reaching the management interface as the SLAVE management interface is replying to the ARP requests.

As a workaround I have done a static arp entry on the gateway, but I am not very fond of doing static ARP entries :-).

Do you have any hint on what to do? I have configured my management interfaces as in this doc:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ha_cluster.html

Thank you for bearing with me.

Isaac Alves

ASA 5585-X Clustering error - ASA2(cfg-cluster)# cluster_ccp_make_rpc_call failed to clnt_call. msg is CCP_MSG_REGISTER, ret is RPC_SYSTEMERROR Cluster disable is performing cleanup..