Hello,
I am seeing some conflicting information on this topic and I was wondering if I could get some clarification.
This link states that a local CA cannot be configured on an ASA while failover (in general) is configured:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml#FailoverCA
This link states that the 'crypto ca server' commands will not be synced, implying that they are at least configurable on the active unit:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ha_active_standby.pdf
*The crypto ca server command and related sub-commands are not synchronized to the failover peer
In addition, there are some other miscellaneous resources that state that you can run a local ca server in all cases except Active/Active failover.
I am currently running two ASAs in an Active/Passive failover mode, and whenever I try to enable the local ca server, I get the following error:
ERROR: The local CA server is not supported in a failover
setup. Please disable failover in order to configure the
local CA server
I realize this error pretty much answers my question, but I figured with the information I found, it would be worth it to ask for clarification. With that said, is it at all possible to run a local ca server on an Active/Passive ASA cluster?