Network technologies and trends

Jan 21 2016   5:08AM GMT

What is an error “Number of interfaces…not consistent” in ASA Firewall?

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

Cisco ASA
Cisco Firewall
Cisco IOS

If you are planning to do a hitless upgrade of a failover pair of ASA 5500 X Series firewall from 8.4(6) trail to 9.2(4) trail, you need to be little cautious. As you cannot do a direct upgrade, you need to rely on a interim release.

Most people tend to try 9.1(2) as an interim upgrade, when you first upgrade your secondary firewall to the 9.1(2) version you will notice lots of logs are generated with an error “Number of interfaces…not consistent”. These logs are generated especially when you are trying re-enable the failover on the standby  ASA firewall.

This version of IOS is hit by a bug CSCug88962 which results in failure of synchronisation between ASAs. Also when you verify the MD5 hash it never matches with hash value mentioned in Cisco Website. This version never allows you to have a zero down time upgrade of Cisco ASA 5580 X Series firewalls, the only work around for  those who end up in these kind of situation is to downgrade the ASA firewall the previous version of IOS, which was working fine. And then they can plan the upgrade of ASA 5500 X Series firewall  by using the interim version 8.4(7) which is bug free and then to 9.2(4).

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: