[c-nsp] ASA 5510 Configuration Replication Failure

Randy randy_94108 at yahoo.com
Thu Jun 11 13:39:43 EDT 2009


was the appliance actually *the active unit* when you made the change?
despite the replication failure, you should still be able to connect to both appliances and see what they think their host names are. Make sure it is the same.
 
make sure you have the following entries in the config:
in active:
 
conf t
standby lan unit primary
hostname state(this will display the state of the unit at the prompt - hostname/act and hostname/stdby)
 
in standby:
conf t
standby lan unit secondary
hostname state
 
Regards
 


--- On Thu, 6/11/09, Jeff Wojciechowski <Jeff.Wojciechowski at midlandpaper.com> wrote:


From: Jeff Wojciechowski <Jeff.Wojciechowski at midlandpaper.com>
Subject: [c-nsp] ASA 5510 Configuration Replication Failure
To: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
Date: Thursday, June 11, 2009, 9:37 AM


Dearest List:

We are building a new active/standby ASA cluster with 5510's and the initial config synch went just fine.

However, when we changed the hostname on the primary unit and did a 'write standby' I got the following:

VaultASA(config)# wr stan
Building configuration...
[OK]
VaultASA(config)# Beginning configuration replication: Sending to mate.
Failover LAN Failed
Configuration Replication Failure
sh ver

Cisco Adaptive Security Appliance Software Version 8.0(3)
Device Manager Version 6.1(5)

Another interesting point about this is that both units show the synch interface (E0/3 on both units in our case) show line protocol down.

VaultASA(config)# sh int e0/3
Interface Ethernet0/3 "failover", is down, line protocol is down
  Hardware is i82546GB rev03, BW 100 Mbps, DLY 100 usec
        Full-Duplex, 100 Mbps
        Description: LAN/STATE Failover Interface
        MAC address 0024.14d3.7b37, MTU 1500
        IP address x.x.x.x, subnet mask 255.255.255.0
        558 packets input, 49468 bytes, 0 no buffer
        Received 3 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 L2 decode drops
        499 packets output, 71296 bytes, 0 underruns
        0 output errors, 0 collisions, 9 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        input queue (curr/max packets): hardware (0/25) software (0/0)
        output queue (curr/max packets): hardware (0/0) software (0/0)
  Traffic Statistics for "failover":
        558 packets input, 39264 bytes
        502 packets output, 59800 bytes
        0 packets dropped
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
VaultASA(config)#

Ideas?

Thanks in advance.

Jeff
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list