Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
538
Views
5
Helpful
4
Replies

ASA 5512 Sync Problems

cavazos.art
Level 1
Level 1

‎01-28-2015 12:13 PM - edited ‎03-11-2019 10:24 PM

I am trying to configure an active/standby pair of ASA 5512's running version 8.6(1)2. The standby ASA will not sync with the active ASA. Is there a bug for this or is my configuration lacking?

#show running-config failover
failover
failover lan unit primary
failover lan interface fo GigabitEthernet0/3
failover key *****
failover replication http
failover link fo GigabitEthernet0/3
failover interface ip fo 192.168.255.1 255.255.255.252 standby 192.168.255.2
 

The secondary firewall is configured identically except for failover lan unit secondary.

The failover interfaces are using a dedicated switch.

Labels:
0 Helpful
4 Replies 4

Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-28-2015 04:46 PM

Does show inventory on both indicate identical hardware?

I assume you've checked your failover key.

Also, are both the units' failover links confirmed up/up and in the same VLAN on the dedicated switch?

0 Helpful

cavazos.art
Level 1
Level 1
In response to Marvin Rhoads

‎01-30-2015 08:40 AM

Hello Marvin,

We have identical hardware. The failover key is identical, and we are up/up on the correct VLAN of the dedicated switch.

What I am seeing now as the backup syncs, it reboots and starts over again. I get the sync complete message, and then it boots. Fortunately, we only have 4 pairs of 5512's in our environment. And they all behave the same way.

Our 5510's run great.

And our version on the 5512's is 8.6(1)2

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to cavazos.art

‎01-30-2015 08:51 AM

Hmm it sounds like you're setting it up properly.

Although I don't see any published bug affecting you, you could be hitting a bug as 8.6(1)2 was very early code on that platform. If it's rebooting it should be creating a crashdump info file on disk0: that you could use to open a TAC case.

They will most likely advise upgrading to a more current release - 9.1(5) or 9.2(3). Either one would require you to first go via 9.1(2) as a prerequisite. Reference.

cavazos.art
Level 1
Level 1
In response to Marvin Rhoads

‎01-30-2015 08:56 AM

Thanks! I need to send a field tech to console into the device and get the crashdump from his laptop. We have them disabled for now as the reboots drive our NMS nuts.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card