Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6025
Views
0
Helpful
3
Replies

AnyConnect Client Profiles not replicating to standby ASA

Go to solution
jim.king
Level 1
Level 1

‎01-19-2012 01:24 PM - edited ‎03-11-2019 03:17 PM

We have 2 ASA 5510's running in a Active/Standby configuration.  It appears that most of the changes we make on the active unit are replicated to the standby unit.  However, there are 3 AnyConnect Client Profiles on the active unit and none of them show up on the standby, the standby has no AnyConnect Profiles.  We also have 1 OnConnect script on the active unit and it does not appear on the standby unit either.

I was under the assumption that all config items on the active unit would replicate to the standby.  Is this not correct?  Do I need to do something extra to get everything replicated?  Are there other items that do not replicate? 

Any insight on this would be appreciated.

Thanks!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎01-19-2012 03:25 PM

Hello Jim,

Bug CSCsr31403

When configuring the ASA in a failover pair you must manually copy the  AnyConnect and CSD images to both the Primary and Secondary ASA devices.   You must also do the same for the Anyconnect profile file if it is  being used.

Either force the standby ASA to become active and copy the files to the  new active ASA using ASDM or copy the files directly from the standby  ASA console using tftp or ftp.

Hope this helps.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎01-19-2012 03:25 PM

Hello Jim,

Bug CSCsr31403

When configuring the ASA in a failover pair you must manually copy the  AnyConnect and CSD images to both the Primary and Secondary ASA devices.   You must also do the same for the Anyconnect profile file if it is  being used.

Either force the standby ASA to become active and copy the files to the  new active ASA using ASDM or copy the files directly from the standby  ASA console using tftp or ftp.

Hope this helps.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
jim.king
Level 1
Level 1
In response to Julio Carvajal

‎01-20-2012 09:06 AM

Thanks for your response Julio. 

I was able to get the AnyConnect Client Profiles copied over to the standby unit.  I did it by first exporting the profiles from the active unit, then creating and importing them on the standby.  I know you're not suppose to make changes directly on the standby, but I did not want to have to failover first.  Hopefully this does not cause me any other issues.

From what I can tell everything looks to be in sync now.

Again, thanks for your help.

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to jim.king

‎01-20-2012 09:15 AM

Hello Jim,

Great to hear that know everything is working as expected.

Please mark the question as answered so future users can learn from this topic.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card