Occasionally I would find that changes I knew I had made to clientless SSL VPN smart tunnels were no longer working. When I would look on the ASA I would find that my changes were no longer listed in the running config. This was infrequent enough that I wasn't 100% sure I originally made the changes until today when a relatively recent change disappeared. Testing showed that changes I made on the primary ASA in a failover pair to smart tunnel network list (in this case adding additional IPs for users to access) were not automatically saved to the running config on the standby unit. So anytime a failover occurred any changes made to smart tunnels would revert back to what was on the secondary. When I forced saved to standby the updates appeared.
I am not sure if this is a bug related to our recent update to ASA 9.6(3)1/ASDM 7.8(1) or if it has been going on longer. Anyone else experience this or have any ideas? It's an easy work around but am pretty sure it used to work automatically to synch up the running configs on applying the commands on the primary ASA to the standby. ASAs are 2: 5545X
Checking the failover status everything appears ok. The primary is the active ASA as normal.
Checking the Cisco site, the ASAs are already running the latest recommended release version for 9.6 series.