11-16-2011 12:02 PM - edited 03-11-2019 02:52 PM
Hi,
We have ASA running code 8.0.4 with Active/Standby for quite long time. Today when we gave the command wri standby it started sync the config to standby ASA but waited forever.
when we checked the show failover, we got the following result.
This host: Secondary - Active
Active time: 1928633 (sec)
slot 0: ASA5540 hw/sw rev (2.0/8.0(4)) status (Up Sys)
Interface PERIMETER-MGMT (10.12.8.1): Normal (Not-Monitored)
Interface OUTSIDE (86.36.xx.xx): Normal (Waiting)
Interface GUEST-WIRELESS1 (10.13.102.1): Normal (Not-Monitored)
Interface GUEST-WIRELESS2 (10.13.103.1): Normal (Not-Monitored)
Interface INSIDE (10.13.122.1): Normal (Waiting)
Interface DMZ-MGMT (10.12.9.1): Normal (Not-Monitored)
Interface DMZ (10.13.96.1): Normal (Waiting)
Interface DMZ-PUB (86.36.xx.xx): Normal (Waiting)
Interface management (0.0.0.0): No Link (Waiting)
slot 1: ASA-SSM-40 hw/sw rev (1.0/7.0(3)E4) status (Up/Up)
IPS, 7.0(3)E4, Up
Other host: Primary - Sync Config
Active time: 6908633 (sec)
slot 0: ASA5540 hw/sw rev (2.0/8.0(4)) status (Up Sys)
Interface PERIMETER-MGMT (10.12.8.2): Normal (Not-Monitored)
Interface OUTSIDE (86.36.xx.xx): Normal (Waiting)
Interface GUEST-WIRELESS1 (10.13.102.2): Normal (Not-Monitored)
Interface GUEST-WIRELESS2 (10.13.103.2): Normal (Not-Monitored)
Interface INSIDE (10.13.122.2): Normal (Waiting)
Interface DMZ-MGMT (10.12.9.2): Normal (Not-Monitored)
Interface DMZ (10.13.96.2): Normal (Waiting)
Interface DMZ-PUB (86.36.xx.xx): Normal (Waiting)
Interface management (0.0.0.0): No Link (Waiting)
slot 1: ASA-SSM-40 hw/sw rev (1.0/7.0(3)E4) status (Unresponsive/Down)
IPS, 7.0(3)E4, Not Applicable
When we console to Standby ASA and tried to save (wri mem), we got the following error and also please note the hostname has become default...?
ciscoasa(config)# wri memory
Building configuration...
Command Ignored, Configuration in progress...
[FAILED]
and when we tried to give following command we got this error:
ciscoasa(config)# copy running-config startup-config
Source filename [running-config]?
%Error reading system:/running-config (Configuration temporarily locked)
ciscoasa(config)#
I see here the standby ASA IPS module is down, but can that issue cause not sync the config backup and writing to nvram (save config)..?
Appreciate if someone can reply what can cause this issue..?
11-16-2011 04:36 PM
Hi,
What happen if you issue "failover reset" command? Some of the interfaces are having problems. What I would do first is just try to have the interfaces that show "waiting" to normal state and then issue the failover reset. The problem may obbey to the faulty SSM module. Try resetting the module again and check if it comes to up state again.
Let me know.
Mike
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide