Cisco Community
English
Register
Great changes are coming to Cisco Community in July. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
764
Views
0
Helpful
7
Replies
tommcmahontac
Beginner
Beginner
‎11-12-2012 07:35 AM
‎11-12-2012 07:35 AM

ASA 5500 Restored a failed unit now seeing issues with VPN tunnels.

I restored the HA pair back to Active/Standby.

1 remaining issue.

I have 3 IPsec Site-to_SIte tunnels.

I noticed that when the NEW UNIT becomes ACTIVE that I am unble to pass traffic over the VPN tunnels.

When I failback I am able to pass traffic.

Any ideas?

Thanks...

Labels:
0 Helpful
7 REPLIES 7
Jennifer Halim
Cisco Employee
Cisco Employee
‎11-12-2012 06:14 PM
‎11-12-2012 06:14 PM

Can you pls check if the configuration gets synchronized to the new Unit, as well as you also have stateful failover configured?

0 Helpful
tommcmahontac
Beginner
Beginner
In response to Jennifer Halim
‎11-13-2012 08:19 AM
‎11-13-2012 08:19 AM

Yes - stateful failover is configured. I have attached the configuration for review.

The Sync appears fine. The unit operates fine for a few hours and then the traffic stops getting passed over the VPN tunnels. I perform a failover and traffic passes immediately.          

138399-ASA5500_config.txt.zip