Guest

Preview Tool

Cisco Bug: CSCtb50399 - config sync- commands in different order on primary and standby

Last Modified

Nov 08, 2016

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

7.2(4)

Description (partial)

Symptom:
Cisco PIX Security Appliance Software Version 7.2(4)

Customer is reporting that several configuration elements are getting out of sync after time.  Triggers for this appear to be after entering write standby command.They run scripts that prints the configurations of the Primary and Secondary PIX's and then does a line by line compare.  The script errors off when it sees a condition like this:

This host: Primary - Active
PIX3(config)# show run | inc ip audit
ip audit name test attack action alarm
ip audit name test1 info action alarm
ip audit interface OUTSIDE test1
ip audit interface OUTSIDE test
ip audit interface INSIDE test1
ip audit interface INSIDE test
ip audit signature 2004 disable

This host: Secondary - Standby Ready
PIX3#  show run | inc ip audit
ip audit name test1 info action alarm
ip audit name test attack action alarm
ip audit interface OUTSIDE test1
ip audit interface OUTSIDE test
ip audit interface INSIDE test1
ip audit interface INSIDE test
ip audit signature 2004 disable
PIX3#


Conditions:
Customer running PIX version 7.2(4).
Customer sees issue using failover serial cable.
TAC repro also sees issue using LAN failover.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.