Preview Tool

Cisco Bug: CSCul33074 - ASA: Hitless upgrade fails with port-channels

Last Modified

Nov 27, 2020

Products (1)

  • Cisco Adaptive Security Appliance (ASA) Software

Known Affected Releases


Description (partial)

When attempting to perform a hitless upgrade of a failover pair of ASAs from a version prior to versions 8.4(6) and 9.0(2) and 9.1(1)3 to a version at or after  8.4(6) and 9.0(2) and 9.1(1)3 might fail. When the standby boots up with the new version, failover synchronization might fail and the following error might be printed to the console:

"Number of interfaces on Active and Standby are not consistent.If the problem persists, you should disable and re-enable failover on the Standby."

To encounter the problem, all of the following conditions must be met:

1) The ASAs must be in a failover setup
2) A hitless upgrade must be attempted. This involves loading the new code version onto the disk of the standby ASA, then rebooting it so that it boots up running the new version, and syncs with the active ASA.
3) The active ASA running the old code must be running a version of code prior to   8.4(6),  9.0(2), or 9.1(1)3
4) The standby ASA must be rebooted and running a version of code 8.4(6) or 8.4(6)1, 9.0(2) or 9.1(2) or later
5) The ASA must use multiple port-channel interfaces. For a similar issue that affects devices without port-channels, please see CSCug88962
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.