ASA 5550 issues

madonamadona · ‎11-03-2014

Dear all,

I’ve configured 2 ASA 5550 active / standby (both with SFP module), they work very well when both of them are connected but as soon as I switch off one of them (to test the failover) then the running one tells me “ can’t find mate “ which is right but then it starts to show me a lot of errors / over 100 (in hex ) like addresses and after about 2-3 minutes it says “ damping errors to flash” and it reboots. This continues to happen until I unplug all connections (outside, inside, Lan failover and failover state).

After that it stops to reboot in loop and I can disable the failover in conf t.

Just to make it clear;

If both ASA are connected then they work fine in failover/standby mode
If I switch of one of them (failover scenario) then the other one does the case above
If I use only one (after disabling the failover mode in config mode) then it works fine but I don’t have a failover.

The IOS ids 8.2, I have no idea what’s going on.

I hope I will get an answer or fix for it.

Many thanks

Karsten Iwen · ‎11-03-2014

If you are still on an early 8.2 release, then first upgrade to 8.2(5) or even one of the last 8.2 interim-releases. Things like these often happen through bugs in the software and you want to rule that out first.

madonamadona · ‎11-03-2014

Many thanks Karsten, I've already the 8.2(5), please have a look at the sh version from the ASA 5550:

MAIN-ASA# sh ver
Cisco Adaptive Security Appliance Software Version 8.2(5)

Compiled on Fri 20-May-11 16:00 by builders
System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"

MAIN-ASA up 4 days 7 hours

Hardware: ASA5550, 4096 MB RAM, CPU Pentium 4 3000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05

0: Ext: GigabitEthernet0/0 : address is 30f7.0d3c.5922, irq 9
1: Ext: GigabitEthernet0/1 : address is 30f7.0d3c.5923, irq 9
2: Ext: GigabitEthernet0/2 : address is 30f7.0d3c.5924, irq 9
3: Ext: GigabitEthernet0/3 : address is 30f7.0d3c.5925, irq 9

<--- More --->

Many thanks again

Karsten Iwen · ‎11-03-2014

Ok, I wouldn't expect too man FO-related bugs in that release. Still I would give a newer version a try. 825-51 is the newest interims-release for 8.2, If you plan to use this device for a longer time, I would also consider upgrading to 8.4.

But with that problem on actual software, the next thing to do is to open a TAC-case for this.

madonamadona · ‎11-03-2014

Many thanks Karsten, will do.

Have a nice day

Vibhor Amrodia · ‎11-04-2014

Hi,

As per you initial description of the issue , I think the ASA device is crashing and you are able to recreate this issue as well.

It would e best to open a TAC case and the TAC CSE would be able to provide you with the fix as well.

Thanks and Regards,

Vibhor Amrodia

madonamadona · ‎11-06-2014

Many thanks for the prompt reply.

Spoke to cisco and they recomend to format the flash and reload everything back, so I've saved the license kay and the config.

I would like to try this on a new flash card (4GB) and not touch the existing one,

I know I could use ftp/ tftp and send the files over to the new card but I would like to open the device and replace the existing card with the new one. my question: can I just format the new card (FAT) and save the IOS (say the 8.2(5)) and the config file on it by using usb card reader and pc, insert the card in the ASA and switch it on?.

The other question please; could I use any make of CF ? e.g. kingston or sandisk or, or

Many thanks