Hello CSC World! I just came across an issue where our pair of ASA5525 devices are syncing but showing a "failed" state when issuing the show fail command. Here is the output of the show fail command: Failover On  Failover unit Secondary Failover LAN Interface: failover GigabitEthernet0/7 (up) Unit Poll frequency 1 seconds, holdtime 15 seconds Interface Poll frequency 5 seconds, holdtime 25 seconds Interface Policy 1 Monitored Interfaces 6 of 216 maximum failover replication http Version: Ours 9.0(4), Mate 9.0(4) Last Failover at: 00:55:14 EDT Mar 25 2015         This host: Secondary - Active                  Active time: 3742577 (sec)                 slot 0: ASA5525 hw/sw rev (1.0/9.0(4)) status (Up Sys)                   Interface outside (66.159.100.4): Normal (Waiting)                   Interface inside (10.5.55.4): Normal (Waiting)                   Interface dmz (10.5.10.1): Normal (Waiting)                   Interface dmz2 (10.5.13.1): Normal (Waiting)                   Interface testwifi (10.5.51.1): Normal (Not-Monitored)                   Interface guestwifi (10.5.247.1): Normal (Waiting)                   Interface mgmt (0.0.0.0): Unknown (Waiting)                 slot 1: IPS5525 hw/sw rev (N/A/7.1(7)E4) status (Up/Up)                   IPS, 7.1(7)E4, Up         Other host: Primary - Failed                  Active time: 8387132 (sec)                 slot 0: ASA5525 hw/sw rev (1.0/9.0(4)) status (Up Sys)                   Interface outside (66.159.100.5): No Link (Waiting)                   Interface inside (10.5.55.5): No Link (Waiting)                   Interface dmz (10.5.10.2): No Link (Waiting)                   Interface dmz2 (10.5.13.2): No Link (Waiting)                   Interface testwifi (10.5.51.2): Normal (Not-Monitored)                   Interface guestwifi (10.5.247.2): No Link (Waiting)                   Interface mgmt (0.0.0.0): No Link (Waiting)                 slot 1: IPS5525 hw/sw rev (N/A/7.1(7)E4) status (Up/Down)                   IPS, 7.1(7)E4, Up I checked to make sure changes are replicating by inputting a remark in the current active firewall and it was replicated without issue to the other. I then looked at the links back to the switches and they are all up and I can ping all the IP addresses associated with the interfaces from the firewalls and switches themselves. In addition, spanning tree is not blocking anything on the uplinks. The topology is as follows (I can be more detailed, but this should give you a decent idea): ASA5525-01 ==> Nexus 7K-01 == Nexus 7K-02 <== ASA5525-02 The last failover occurred during a maintenance window when I had to bring down our primary switch, and it seems that it has never failed back. Any suggestions/input would be appreciated. Thanks everyone!        ... View more

My company is currently testing out dual factor authentication for specific users. To authenticate we use SecureAuth keys and an existing AD server which is also used to authenticate for our other VPN groups. Because of this members in the dual auth group can authenticate in the current VPN groups by using only their AD credentials. Is their a way for me to configure this group to only be able to gain VPN access if they go through the dual factor method? Basically if the users in the dual auth group don't connect using the dual auth group in anyconnect, they will not be able to establish a vpn connection is what I'm looking to setup. Any input is appreciated! ... View more

Hey Everyone, I have recently deployed PI 2.0, and I am wondering if what I would like to do can be done. I have approximately 1,000 AP's deployed in various retail locations and was hoping I could group them all together into one group so that I can see the status of all retail AP's on a dashboard of some kind. Similar to what the coverage area dashlet shows when maps are loaded, but just the status of the AP's deployed in our retail environment. The things I would like to see on a splash page (dashlet) would be: up/down, client count, amount of AP's, and alarms. I've searched high and low to see if something like this is available, and I am getting nowhere. Any help or assistance would be greatly appreciated! ... View more