Currently have 2 ASA 5510s replicating. Last night I restarted the standby ASA but not it will no longer receive the configuration from the active ASA. This is been working fine for ages so not sure what is wrong.
It begins configuration replication from the mate. But then it says on the standby:
Warning: the crypto map entry will be incomplete!
Configuration replication is in progress. Please try authentication again when replication completes.
ERROR: capture-dynACL-ISAKMP contains a reserved access list name. It cannot be manually configured.
ERROR: object () does not exist.
Config Sync Error: Following Command could not be executed on standby
access-list capture-dynACL-ISAKMP permit ip host xx.xx.xx.xx host xx.xx.xx.xx .xx.xx
******REPLICATION OF CONFIGURATION FROM ACTIVE TO STANDBY UNIT IS INCOMPLETE,
TO PREVENT THE STANDBY UNIT TAKING OVER AS ACTIVE WITH A PARTIAL CONFIGURATION,
THE STANDBY UNIT WILL NOW REBOOT*******
I am not sure why it has the .xx.xx on the end of the command because if you do a show access-list the line itself is fine.
But the problem is this is a dynamic access-list which is created by the ASA for the site to site VPN so doesn't appear in the running config nor can I change it.
Is this some kind of bug?
Cheers