From: Jon Humphries (jon_humphries@msn.com)
Date: Sat Nov 29 2008 - 12:44:46 ARST
Hi,
According to your dump you are running version 8.03 (6) have you tried 8.0(4)
?
If it is working from Primary to Secondary then sounds like a bug. Send your
configs over just in case but I think you should first try either upgrade or
downgrade.
Search CCO for bug id's, I recall having lots of problems with VPN's on that
release.
> Date: Sat, 29 Nov 2008 05:43:23 -0800
> From: satandaemon@yahoo.com
> Subject: ASA Failover
> To: ccielab@groupstudy.com; security@groupstudy.com
>
> GS,
> I've a problem with VPN failover on ASA (active/passive),
> it works during failover from primary to secondary but when i test it by
turning off secondary, every thing works but site to site VPNs, i've recent
IOS code, show failover history doesn't show anything valuable,
> tunnels can not establish even by clearing SA, i have to reload, it cant be
IPS ssm cause it works from primary to secondary and having same config...
>
> Failover On
> Failover unit Primary
> Failover LAN Interface: failover GigabitEthernet0/1 (up)
> Unit Poll frequency 1 seconds, holdtime 15 seconds
> Interface Poll frequency 5 seconds, holdtime 25 seconds
> Interface Policy 1
> Monitored Interfaces 4 of 250 maximum
> failover replication http
> Version: Ours 8.0(3)6, Mate 8.0(3)6
> Last Failover at: 12:41:18 UTC Nov 28 2008
> This host: Primary - Active
> Active time: 64098 (sec)
> slot 0: ASA5520 hw/sw rev (2.0/8.0(3)6) status (Up Sys)
> Interface outside : Normal
> Interface wan : Normal
> Interface dmz : Normal
> Interface management : Normal
> slot 1: ASA-SSM-40 hw/sw rev (1.0/6.0(4)E1) status (Up/Up)
> IPS, 6.0(4)E1, Up
> Other host: Secondary - Standby Ready
>
This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:32 ARST