Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi all, today we had a failover event on a pair of asa5505's running 7.2(4). The standby took over fine and no impact was seen to traffic, strangely, after 58 minutes the primary came back and took over. Running show fail on both units gives the corr...
Hi all, I have a problem with an ASA (5520 8.0(4)) failing to work with a port based acl for remote clients. I have a simple one line acl for the split traffic, if I permit IP the tunnel works fine, if I lock it down to TCP 3389 then rdp will not wor...
Hi All, I have 2 css11503's in one armed active/passive mode. I have applied ssl certs on both boxes, one of them gives me the message that key and file are not valid (works fine on primary), I've done a show ssl file and the cert in question is ther...
Hi all, I have 2 css11503's in active/passive redundancy config. When using the commit_redundConfig command the ssl does not copy across correctly. I have cleared the standby box and started again, but with no luck. The config guides I have found off...
Hi, we recently set up a l2l vpn between a pix 515e running 7.0(5) and a netscreen 5XT. The standy pix reports attempts to send an IKE packet from standby unit, it is now crashing 3 -4 times a day, I feel the 2 issues must be related but am at a loss...
We've seen this before when moving firewalls, if you can co-ordinate with your ISP to do a 'clear ip arp xxx.xxx.xxx.xxx' for the problem address' on the upstream layer 3 device it should clear the issue, if they dont maybe you could ask them to redu...
Hi Mike, thanks for the tip, afraid the output gives nothing useful on the active and a 'hello not heard from mate' on the standby - once again seeming to indicate the active unit stopped processing IP packets. The customers traffic is quite low and ...
Thanks Giles, I opened a TAC case and finally got it resolved, I had to import a different file, copy that to the corrupt one (in llama)::ap_file copy c:/CertStore/ssl/good.pem c:/CertStore/ssl/bad.pembackout of llama and I could then delete the fil...
Thanks,got the boxes set up in active passive mode, in a one arm bandit type config, thats all fine, I just cant find anything anywhere that tells me if I have to set up the ssl part seperately on both boxes, coming to the conclusion I will have to d...
