Hello,

I want to create an active/standby failover set-up for an existing production multicontext FW. I do the usual failover configuration, replication ends, so far so good, but after 5 minutes the secondary/stanby unit gets stuck in the bulk sync state. Now, I've read that there is a CISCO bug for this but I did a test configuration (active/active) between this secondary ASA and another one I had laying around and that worked with no issues before this attempt .

So, now I wonder what it is that I am missing, maybe a licence problem ? a bad link ? There is also a problem with access/authetication via ISE because there is another FW(3rd party) that has to permit access for the unit. 

Any suggestion is appreciated.

Failover On
Failover unit Primary
Failover LAN Interface: failover GigabitEthernet1/8 (up)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 10 of 160 maximum
MAC Address Move Notification Interval not set
Version: Ours 9.6(4)3, Mate 9.6(4)3
Serial Number: Ours JAD195002S4, Mate JAD21140622
Last Failover at: 17:19:38 CEST Dec 3 2018
This host: Primary - Active
Active time: 1106085 (sec)
slot 1: ASA5516 hw/sw rev (1.0/9.6(4)3) status (Up Sys)
vdtl-admin Interface Management (10.11.33.188): Normal (Monitored)
vdtl Interface outside (192.66.63.44): Normal (Monitored)
vdtl Interface inside (10.242.0.3): Normal (Monitored)
stun Interface Inside (10.255.8.1): Normal (Monitored)
stun Interface Outside (192.66.63.42): Normal (Monitored)
stun Interface TL-NET (10.242.0.5): Normal (Monitored)
stun Interface STUN-NIANET (10.239.0.241): Normal (Monitored)
pumpe Interface Outside (192.66.63.40): Normal (Monitored)
pumpe Interface Inside-vlan102 (10.242.0.7): Normal (Monitored)
pumpe Interface pumpe-vlan3005 (10.255.9.1): Normal (Monitored)
slot 2: SFR5516 hw/sw rev (N/A/5.4.1-211) status (Up/Up)
ASA FirePOWER, 5.4.1-211, Up, (Monitored)
Other host: Secondary - Bulk Sync
Active time: 0 (sec)
slot 1: ASA5516 hw/sw rev (2.0/9.6(4)3) status (Up Sys)
vdtl-admin Interface Management (10.11.33.187): Normal (Waiting)
vdtl Interface outside (192.66.63.45): Normal (Waiting)
vdtl Interface inside (10.242.0.9): Normal (Waiting)
stun Interface Inside (10.255.8.2): Normal (Waiting)
stun Interface Outside (192.66.63.43): Normal (Waiting)
stun Interface TL-NET (10.242.0.6): Normal (Waiting)
stun Interface STUN-NIANET (10.239.0.244): Normal (Waiting)
pumpe Interface Outside (192.66.63.41): Normal (Waiting)
pumpe Interface Inside-vlan102 (10.242.0.8): Normal (Waiting)
pumpe Interface pumpe-vlan3005 (10.255.9.2): Normal (Waiting)
slot 2: SFR5516 hw/sw rev (N/A/5.4.1-211) status (Up/Up)
ASA FirePOWER, 5.4.1-211, Up, (Monitored)

Stateful Failover Logical Update Statistics
Link : failover GigabitEthernet1/8 (up)
Stateful Obj xmit xerr rcv rerr
General 3981082 1704 4483 2
sys cmd 6495 0 4483 2
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 1209329 0 0 0
UDP conn 666496 0 0 0
ARP tbl 2086492 0 0 0
Xlate_Timeout 0 0 0 0
IPv6 ND tbl 0 0 0 0
VPN IKEv1 SA 6481 1300 0 0
VPN IKEv1 P2 4928 0 0 0
VPN IKEv2 SA 0 0 0 0
VPN IKEv2 P2 0 0 0 0
VPN CTCP upd 0 0 0 0
VPN SDI upd 0 0 0 0
VPN DHCP upd 0 0 0 0
SIP Session 0 0 0 0
SIP Tx 0 0 0 0
SIP Pinhole 0 0 0 0
Route Session 102 0 0 0
Router ID 0 0 0 0
User-Identity 788 404 0 0
CTS SGTNAME 0 0 0 0
CTS PAC 0 0 0 0
TrustSec-SXP 0 0 0 0
IPv6 Route 0 0 0 0
STS Table 0 0 0 0

Logical Update Queue Information
Cur Max Total
Recv Q: 0 12 4485
Xmit Q: 0 385 5684872

----------------------------------------------------------------------------------------------------

failover
failover lan unit primary
failover lan interface failover GigabitEthernet1/8
failover link failover GigabitEthernet1/8
failover interface ip failover 192.168.99.1 255.255.255.252 standby 192.168.99.2