I am facing a strange issue, that's why I hope someone here will give me a solution, or at least a good lead.
I have a new customer who called me because his VPN was KO: the AnyConnect profile didn't work.
I saw that there was an HA configuration, and a failover occurred because the active unit reloaded. The customer confirmed to me that there was an electrical issue.
The customer uploaded the profile via ASDM and it worked again, but there is this point: why didn't the profile exist on the standby unit?
I saw in the failover that 3 interfaces (inside, outside & management) were monitored and 2 of them (management + inside) are in waiting state. For me, while those interfaces aren't monitored, the sync will fail (am I right on this point?)
Then I checked how those interfaces are linked between the two nodes.
I have:
- managementPrimary => SwitchA => SwitchB => SwitchC => managementSecondary (waiting state)
- insidePrimary => SwitchA => SwitchB => SwitchC => insideSecondary (waiting state)
- outsidePrimary => SwitchD => outsideSecondary
Each interface is in an access VLAN.
I checked that each VLAN is created on Switch 1, B & C and that those VLANs are OK on the links between the switches: for me there are no L2 issues on switches A, B & C.
From a remote workstation, I am able to ping the Primary and Secondary IP addresses for the management and inside interfaces: for me there is no L3 issue for those interfaces.
This is where I need some help: what could be the origin of this issue? (The customer didn't know the interfaces were in waiting state; I cannot tell if they were once monitored.)