Solved

Configuration Replication is NOT performed from Standby unit to Active unit.         Configurations are no longer synchronized[

Posted on 2012-12-27
10
1,688 Views
Last Modified: 2013-01-25
I have 2 ASA 5580 IOS  asa844-1-smp-k8.bin , i make failover as shown below


i made failover active
failover
failover lan unit primary
failover lan interface failover GigabitEthernet8/3
failover replication http
failover timeout 0:00:10
failover mac address Port-channel2 0015.17fe.4b60 001b.219c.a318
failover mac address GigabitEthernet3/3 0015.17fe.4b63 001b.219c.a31b
failover mac address Port-channel3 001b.21a1.d6d4 001b.219f.e340
failover link failover GigabitEthernet8/3
failover interface ip failover 1.1.1.1 255.255.255.252 standby 1.1.1.2

standby ASA
failover
failover lan unit secondary
failover lan interface failover GigabitEthernet8/3
failover replication http
failover timeout 0:00:10
failover mac address Port-channel2 0015.17fe.4b60 001b.219c.a318
failover mac address GigabitEthernet3/3 0015.17fe.4b63 001b.219c.a31b
failover mac address Port-channel3 001b.21a1.d6d4 001b.219f.e340
failover link failover GigabitEthernet8/3
failover interface ip failover 1.1.1.1 255.255.255.252 standby 1.1.1.2


but when I turn of Port-channel2 (interface 3/0 , 3/1 , 3/2 )  doesn't go to standby ASA . why ?
appear that message in standby ASA

Configuration Replication is NOT performed from Standby unit to Active unit.         Configurations are no longer synchronized


please answer me it is urgent

for more detail config ASA active and standby please find at

attached file
standby-ASA.txt
active-ASA-.txt
0
Comment
Question by:memo12345678
  • 4
  • 3
  • 2
  • +1
10 Comments
 

Author Comment

by:memo12345678
ID: 38725155
any one have answer ?
0
 
LVL 3

Expert Comment

by:jwil320
ID: 38725565
You're getting that error because you made a change on the standy unit. I would do a write memory from the active ASA so you can resync the configurations.
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 38725608
jwil320 is exactly correct. The first thing I would do though is to enter "show failover" and verify which one is actually active, which is different from Secondary. Make sure the correct one is active. If not, type "failover active" on the one you want active before making config changes.
0
 

Author Comment

by:memo12345678
ID: 38728804
why  appear   Negotiation ?
 

Mosul-ASA# show failover history
==========================================================================
From State                 To State                   Reason
==========================================================================
11:18:34 Iraq Dec 27 2012
Not Detected               Negotiation                No Error

11:19:19 Iraq Dec 27 2012
Negotiation                Just Active                No Active unit found

11:19:19 Iraq Dec 27 2012
Just Active                Active Drain               No Active unit found

11:19:19 Iraq Dec 27 2012
Active Drain               Active Applying Config     No Active unit found

11:19:19 Iraq Dec 27 2012
Active Applying Config     Active Config Applied      No Active unit found

11:19:19 Iraq Dec 27 2012
Active Config Applied      Active                     No Active unit found

==========================================================================
Mosul-ASA#
0
 

Author Comment

by:memo12345678
ID: 38728805
how I do resync  in Active ASA ? jwil320 ?
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 3

Expert Comment

by:jwil320
ID: 38729684
from the active ASA you just type "write memory"
0
 
LVL 3

Assisted Solution

by:jwil320
jwil320 earned 166 total points
ID: 38729686
also provide the output from " sh run failover" from both ASA's

sorry do a write standy instead of write memory.
0
 
LVL 28

Assisted Solution

by:mikebernhardt
mikebernhardt earned 167 total points
ID: 38732933
On active unit:
conf t
 failover
 failover active

On standby unit
conf t
 failover
 no failover active
0
 
LVL 5

Accepted Solution

by:
Feroz Ahmed earned 167 total points
ID: 38762195
Hi,

To replicate configurations from Active to Standby you are required to convert a particular Interface into Management port and should run Failover command once the handshake between 2 failover takes place (a hello command is received from Standby Failover) which specifies Handshake between Active and Standby was successful and data replication takes place between Active and Standby .whatever changes are made on active failover the same configuration is replicated on Standby Failover.In this way data replication takes place in Failover concept.The first thing to startup with failover is Successful handshake in the form of "Hello" command on both Failover.
0
 

Author Closing Comment

by:memo12345678
ID: 38818369
thanks a lot
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This is about downgrading PIX Version 8.0(4) & ASDM 6.1(5) to PIX 7.2(4) and ASDM 5.2(4) but with only 64MB RAM and 16MB flash. Background: You have a Cisco Pix 515E which was running on PIX 7.2(4) and its supporting ASDM 5.2(4) without any i…
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now