ASA 5515-X issue

fabrice_labiau · ‎02-16-2015

Hello all,

We're currently facing a strange issue.

We have 2 ASA's 5515 in failover setup. Since more than 1 month, everything worked fine, and suddenly it was impossible for some user to establish a vpn connection with the anyconnect client, the web portal wasn't reachable (ping works) and impossible to connect with ASDM but the ASA's are still reachable with ssh.

If I reload the active one, the standby becomes active and then web portal and ASDM are working... for 5 minutes, then we get again the same symptoms.

The CPU usage is low and we still have 76% free memory, this is normally not a resource issue.

Does someone have an idea on what we have to investigate ?

Thanks in advance,

Fabrice

Marvin Rhoads · ‎02-16-2015

It sounds like one of the units may not have the AnyConnect images, VPN profile (xml files) and/or portal customization files. These must all be manually synchronized between units in an HA pair.

As to why the failover is happening after 5 minutes, check "show failover history" to see what is going on to induce that.

Andre Neethling · ‎02-17-2015

It seems your issues could be related to the SSL protocol. All the connections that stopped working use SSL, but SSH works because it uses TCP 22. Have a look at your RSA and SSL configs. Just a thought. I could be wrong though :-).

Are the ASAs directly connected to the internet, or do they sit behind another device? Where are you launching ASDM from? Is it an INSIDE or Management interface?