Cisco ASA with dual peer on crypto map - failback from secondary to primary peer
We have a deployment with a Cisco ASA 5508 and dual ISP in our HQ. We also have a branch 5505 with a single ISP doing a Site to Site VPN against the 5508, so dual peer on crypto map is configured on the 5505 side.
It appears to be working fine when the primary peer is active, then failover to the secondary peer also works fine if the primary ISP fails on the 5508 side.
The problem is that when the primary ISP gets restored on the 5508 side, the 5505 does not fail back to the primary peer.
Has anybody experienced something similar? Or does anybody happen to know if there is some documentation stating whether it is expected that the firewall will not fail back to the primary peer when it gets restored?
I swear I had it working for like 3 years with a previous deployment of two 5505s and the very old software version 8.2.5. However, a few weeks ago we had to migrate the HQ to a 5508 with recent software 9.8.4.x, and this is when the issues started. Then we upgraded the software version of the branch 5505 to the last supported version 9.1.x, but the issue didn't get resolved.