Cisco ASA Issue

ElizabethKh
Level 1

Hello everyone,

I’m currently troubleshooting an issue with a Cisco ASA5515-Edge running in a failover cluster (Primary/Secondary). For the past several days, the cluster has been experiencing intermittent problems that we have not seen before.

Issue Description
Several users intermittently fail to establish connections (VPN or other sessions) for a period of time.

During these events, ASDM access becomes completely unavailable — the ASDM client cannot connect.

However, the device still responds to ICMP (ping), and SSH access remains functional.

No major configuration changes were made recently.

Temporary Workaround
The only action that restores normal operation is performing a manual failover:

Switch from Primary → Secondary

Then switch back Secondary → Primary

After this failover cycle, the issue disappears temporarily.

Request for Guidance
What could potentially cause this behavior, and what should we check to diagnose the root cause? We are particularly interested in:

Logs or counters that may indicate resource exhaustion (CPU, memory, sessions, ASP drops, etc.)

Any known issues/bugs related to ASDM access failure or cluster instability on ASA5515

Whether a stuck process, management-plane issue, or failover sync problem could cause these symptoms

We would appreciate any suggestions or recommended troubleshooting steps.

1 Reply

Sheraz.Salim
VIP Alumni

Are you running AnyConnect with TLS or with IKEv2?

It seems you are running AnyConnect with TLS; therefore, when there is an issue where remote clients are not able to connect, ASDM does not work either at the same time, as ASDM works on TLS.

The issue could be at the control plane. With regard to logging, it would be difficult to diagnose unless you set up syslog and offload the logs to an external server; then, when the issue occurs, you can refer to the logs to find out what they suggest.

Your firewall is EOL/EOS; consider upgrading to an in-life appliance.

Please do not forget to rate.
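One way to use the offloaded syslog that the reply recommends, added here as an example and not part of either post: bucket the ASA SSL handshake messages (725001 started, 725002 completed, 725006 failed) by time and flag windows where handshakes start but mostly do not complete, which would match AnyConnect and ASDM failing together. It assumes the collector writes an ISO-8601 timestamp first on each line; the hostname `asa-edge`, the thresholds and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumption: each collected line starts with an ISO-8601 timestamp.
LINE_RE = re.compile(r"^(\S+)\s.*?%ASA-(\d)-(\d{6}):")
STARTED, COMPLETED, FAILED = "725001", "725002", "725006"

def bucket_counts(lines, minutes=5):
    """Count ASA message IDs per time bucket (minutes should divide 60)."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an ASA message
        try:
            ts = datetime.fromisoformat(m.group(1))
        except ValueError:
            continue  # timestamp in another format
        start = ts.replace(minute=ts.minute - ts.minute % minutes,
                           second=0, microsecond=0)
        buckets[start][m.group(3)] += 1
    return buckets

def stalled_tls_windows(lines, minutes=5, min_started=3, max_ratio=0.5):
    """Buckets where TLS handshakes begin but at most max_ratio complete."""
    flagged = []
    for start, c in sorted(bucket_counts(lines, minutes).items()):
        if c[STARTED] >= min_started and c[COMPLETED] / c[STARTED] <= max_ratio:
            flagged.append((start, c[STARTED], c[COMPLETED], c[FAILED]))
    return flagged

def _sample(ts, msgid):
    # Constructed sample line; hostname is hypothetical, message text omitted.
    return f"2025-01-10T{ts} asa-edge %ASA-6-{msgid}: (message text omitted)"

SAMPLE = [
    _sample("10:01:03", STARTED), _sample("10:01:04", COMPLETED),
    _sample("10:02:10", STARTED), _sample("10:02:11", COMPLETED),
    _sample("10:03:30", STARTED), _sample("10:03:31", COMPLETED),
    _sample("10:06:00", STARTED), _sample("10:06:30", FAILED),
    _sample("10:07:00", STARTED), _sample("10:07:30", FAILED),
    _sample("10:08:00", STARTED), _sample("10:08:01", COMPLETED),
    _sample("10:09:00", STARTED), _sample("10:09:30", FAILED),
    "2025-01-10T10:09:40 other-host sshd: unrelated line",
]

if __name__ == "__main__":
    for start, started, done, failed in stalled_tls_windows(SAMPLE):
        print(f"{start}: started={started} completed={done} failed={failed}")
```

The flagged window start times can then be compared against the times users reported failures and the times the manual failover was performed.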