Cisco Bug: CSCtd74691 - VPN session not replicate to Standby after Failover State Link failure

Last Modified

Feb 25, 2018

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases


Description (partial)

A failover link failure may cause replicated VPN sessions to remain in the
standby's session database. This may eventually lead to an internal
replication error.

If VPN sessions are disconnected on the active unit during a failover link failure,
the replicated VPN sessions remain on the standby forever. If these replicated
VPN sessions remain in the standby's session database after the failover link recovers,
new VPN sessions may not replicate properly to the standby, causing an internal error.

- Active/Standby stateful failover
- VPN sessions

Related Community Discussions

Problem with VPN L2L and RA in a failover configuration
I'm using two ASA 5540 in active-standby failover configuration. These boxes (primary and secondary) are used to establish some L2L and RA (Remote Access) VPN. The active box runs the OSPF process. The problem is that when failover occurs (just shutting down the active box, or running 'failover active' in a secondary box) all L2L are not reestablished in a secondary box. The unique way that I can do this (reestablish the connection) is removing the RRI (Reverse Route Injection) configuration (eg. 'no crypto ...
Latest activity: Aug 20, 2010