07-21-2015 01:59 AM - edited 03-11-2019 11:18 PM
Hello community
We have configured our 5585-X SSP20 as in the following document:
Both ASAs are connected to our VSS - 6509
System image file is "sup-bootflash:/s72033-ipservicesk9_wan-mz.122-33.SXJ7.bin
And both FW are using the samme OS - System image file is "disk0:/asa922-4-smp-k8.bin
The FWs can ping each other with no issues. But when I add the second one the following error occurs:
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ASA2(cfg-cluster)# enable
WARNING: Strongly recommend to configure a virtual MAC address for each span-cluster port-channel interface or all subinterfaces of it in order to achieve best stability of span-cluster port-channel during unit join/leave.
ASA2(cfg-cluster)# cluster_ccp_make_rpc_call failed to clnt_call. msg is CCP_MSG_REGISTER, ret is RPC_SYSTEMERROR
Cluster disable is performing cleanup..done.
All data interfaces have been shutdown due to clustering being disabled. To recover either enable clustering or remove cluster group configuration.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Someone can point us int the right direction?
Best regards
Isaac Alves
Solved! Go to Solution.
07-21-2015 02:52 AM
Hi,
Can you post the configuration from the ASA device ?
Thanks and Regards,
Vibhor Amrodia
07-21-2015 06:06 AM
Hi,
Correct as this RPC error is quite generic and might related to something in the configuration as well.
Thanks and Regards,
Vibhor Amrodia
07-21-2015 02:52 AM
Hi,
Can you post the configuration from the ASA device ?
Thanks and Regards,
Vibhor Amrodia
07-21-2015 04:54 AM
Hello Vibhor
Thank you for trying to help us out.
In attachement our cluster configuration.
I have checked SSL but there are no issues there:
http://www.cisco.com/image/gif/paws/116108/116108-problem-slave-asa-00.pdf
Best regards
07-21-2015 04:54 AM
Hello Vibhor
I have started again from a fresh config - configuration factory-reset and added this minimum config:
!ASA2
mtu cluster 9000
!
interface GigabitEthernet0/5
channel-group 23 mode on
no sh
!
interface GigabitEthernet0/6
channel-group 23 mode on
no sh
!
interface Port-channel23
no sh
!
cluster group ASA_CLUSTER
key ***
local-unit ASA2
cluster-interface Port-channel23 ip 192.168.1.2 255.255.255.240
priority 2
enable as-slave
!
And it did the trick :)
Cluster unit ASA2 transitioned from DISABLED to SLAVE
Thanks for your help
07-21-2015 06:06 AM
Hi,
Correct as this RPC error is quite generic and might related to something in the configuration as well.
Thanks and Regards,
Vibhor Amrodia
07-23-2015 01:54 AM
Hello Vibhor
I am having a strange issue with the management adresses of my SLAVE FW. The MASTER FW is replying to the arp requests made to the SLAVE management address. Other host in the same have no issues on reaching the management interface as the SLAVE management interface is replying to the ARP requests.
As a workaround I have done a static arp entry on the gateway, but I am not very fond of doing static ARP entries :-).
Do you have any hint on what to do? I have configured my management interfaces as in this doc:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ha_cluster.html
Thank you for bearing with me.
Isaac Alves
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide