01-03-2008 12:03 PM - last edited on 03-25-2019 05:39 PM by ciscomoderator
Have two ASA5520's (running 7.2.3 as A/S) configured for Cisco Client VPN but when we try to connect via the VPN Client we don't seem to pass any ISAKMP traffic to the outside port..
the Debug Crypto ISAKMP displays " [IKEv1]: IKE receiver: Local unit is failover enabled but is not currently active."
Our 2 ASA's are configured for A/S and the primary is the active ASA..
PG-ASA1# sh failover
Failover On
Failover unit Primary
Failover LAN Interface: FailoverLink GigabitEthernet0/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 4 of 250 maximum
Version: Ours 7.2(3), Mate 7.2(3)
Last Failover at: 07:53:35 EST Nov 17 2007
This host: Primary - Active
Active time: 4086465 (sec)
slot 0: ASA5520 hw/sw rev (2.0/7.2(3)) status (Up Sys)
Interface Outside (1.1.1.1): Normal
Interface inside (172.16.50.150): Normal
Interface DMZ (10.1.1.1): Normal
Interface management (172.31.16.253): Normal
slot 1: empty
Other host: Secondary - Standby Ready
Active time: 0 (sec)
slot 0: ASA5520 hw/sw rev (2.0/7.2(3)) status (Up Sys)
Interface Outside (1.1.1.2): Normal
Interface inside (172.16.50.152): Normal
Interface DMZ (10.1.1.2): Normal
Interface management (172.31.16.252): Normal
slot 1: empty
The sh crypto ISAKMP Stat shows "In Drop Packets: 170" this climbs by 4 with ever try to vpn in with the client
this same config and client works fine in a 3030concentrator but we would like to move to the ASA and use the 3030Con as a backup any help on this issue???
01-09-2008 11:49 AM
The solution to this problem is to reboot the ASA or re-enable failover on both boxes. This is a failover issue as the IKE receiver thinks that the Primary (Active) ASA is not Active. This issue is similar to Cisco bug : CSCef16655.
05-12-2008 11:34 AM
there is no information available about this bug. Do you were able to find any additional workaround other than reset the firewalls.
Thanks,
OScar Perez
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide