Cisco Bug: CSCvv53556 - ASA: Do not disable failover in case of progression failure

Last Modified

Sep 02, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.12(4.2) 9.6(4.8)

Description (partial)

Symptom:
This is an enhancement request. The ASA should not disable failover and insert "no failover" into the configuration when a failover progression failure occurs, because this can sometimes lead to a situation in which both units become active, i.e. both units may start using the same IP addresses. The idea of this enhancement request is to change the current failover behaviour when a unit hits a critical condition.

Today's state:
 DISABLED - If 'no failover' is configured by the user, or 'no failover' is added automatically in case of progression failure.

Later:
 DISABLED - If 'no failover' is configured by the user.
 SHUN / MUTE - The unit hit a critical condition and stops negotiating with the peer. The running config will still have 'failover'.

Conditions:
This implementation flaw exists in all ASA releases.