02-16-2015 08:51 AM - edited 03-11-2019 10:30 PM
Hello all,
We're currently facing a strange issue.
We have 2 ASA 5515s in a failover setup. For more than 1 month everything worked fine, and suddenly it was impossible for some users to establish a VPN connection with the AnyConnect client, the web portal wasn't reachable (ping works), and it was impossible to connect with ASDM, but the ASAs are still reachable with SSH.
If I reload the active one, the standby becomes active and then the web portal and ASDM are working... for 5 minutes, then we get the same symptoms again.
The CPU usage is low and we still have 76% free memory; this is normally not a resource issue.
Does anyone have an idea of what we have to investigate?
Thanks in advance,
Fabrice
02-16-2015 10:51 AM
It sounds like one of the units may not have the AnyConnect images, VPN profile (xml files) and/or portal customization files. These must all be manually synchronized between units in an HA pair.
As to why the failover is happening after 5 minutes, check "show failover history" to see what is going on to induce that.
02-17-2015 01:24 AM
It seems your issues could be related to the SSL protocol. All the connections that stopped working use SSL, but SSH works because it uses TCP 22. Have a look at your RSA and SSL configs. Just a thought. I could be wrong though :-).
Are the ASAs directly connected to the internet, or do they sit behind another device? Where are you launching ASDM from? Is it an INSIDE or Management interface?