Guest

Preview Tool

Cisco Bug: CSCuo78285 - ASA Traceback during failover config sync

Last Modified

Apr 16, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

100.11(3.11) 100.11(3.14) 9.1(5.10) 9.2(2)

Description (partial)

Symptom:
A firewall may cause a traceback and reload when trying to clear a portion or all of the configuration. This likely manifests during a configuration sync from an Active firewall. The first step of an config sync is to clear the existing local configuration in preparation for the re-sync of policies from the existing Active firewall. The Standby firewall will reload and attempt to re-sync its configuration from the Active resulting in another crash, thus starting a crash loop on the Standby firewall.

Conditions:
In a failover pair this may affect the Standby Firewall during config replication or it may affect the Active firewall if active removal of interface configuration is being done. From initial analysis it appears to be related to very large configurations with significant amounts of NAT configured.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.