Friday, July 3, 2020

Cisco ASA cluster issue with public servers

I have a cluster of 2x ASA 5545X configured. The cluster itself reports healthy.

The issue I have with it is that one of them doesn’t do public servers (static NAT). When I simulate a failure and the other node becomes the master and the only node in the cluster, I can access the internet from inside on any VLAN, and VPN also establishes fine. But outside access to inside public servers (webserver) doesn’t work.

After I do the procedure in reverse, and the original master is now the only member, everything works as expected.

So I am forced to leave it with just the functional member active.

Has anybody else experienced this or can point me in the right direction?


