02-23-2007 03:50 PM - edited 03-11-2019 02:37 AM
Hi all, need some help regarding an ASA 5510. With the failover wizard I changed to active/active. Then the ASA rebooted and now I can't configure the appliance in the known manner. No IP setting is possible on the interfaces, nor any of the firewall configs. Now I'm trying to change back but don't know how. Does anybody know the answer?
02-23-2007 03:57 PM
Trying to configure Active/Active failover using the wizard has converted firewall into multiple context mode.
Now if you only want to configure these ASAs in Active/Standby mode, without multiple context, first we need to bring them in single mode. For this:
- please login to ASA via console
- this should bring you to system execution space
- from here, go to configuration mode
- verify that you are in multiple context mode using the command
--> show mode
- if it's multiple context mode, it will say:
Security context mode: multiple
- to bring this back to single mode, use the following command:
--> mode single
Now ASA will reload into your normal old Single mode. Thereafter you can proceed with your normal Active/Standby failover configuration.
Hope this helps.
Regards,
Vibhor.
02-23-2007 04:20 PM
Hi Vibhor, thanks a lot, that's it!!!
04-26-2007 01:42 AM
Vibhor,
Further to that, I have a question if you have a moment please?
I have upgraded 2 x 5510 to the Sec Plus license. I have not as yet enabled active/active. This is because the output from a sh ver shows 0 contexts. The question is, does this output show 0 contexts purely because A/A has not been enabled or because no contexts are available?
I'm a bit concerned about this...
Cheers
Ali
04-26-2007 03:15 AM
Can you post the output from "sh ver" on both devices?
If you don't have a licence for contexts you should only have an Active/Standby failover licence.
04-26-2007 06:28 AM
Hi Mark, Here's the output. Active/Standby only as you can see
# sh ver
Cisco Adaptive Security Appliance Software Version 7.0(5)
Device Manager Version 5.0(5)
Compiled on Mon 10-Apr-06 14:40 by builders
System image file is "disk0:/asa705-k8.bin"
Config file at boot was "startup-config"
up 3 hours 34 mins
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash AT49LW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0 : address is 0018.195b.e8a0, irq 9
1: Ext: Ethernet0/1 : address is 0018.195b.e8a1, irq 9
2: Ext: Ethernet0/2 : address is 0018.195b.e8a2, irq 9
3: Ext: Ethernet0/3 : address is 0018.195b.e8a3, irq 9
4: Ext: Management0/0 : address is 0018.195b.e89f, irq 11
5: Int: Not licensed : irq 11
6: Int: Not licensed : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 25
Inside Hosts : Unlimited
Failover : Active/Standby
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : 150
This platform has an ASA 5510 Security Plus license.
Serial Number: xxxxxx
Running Activation Key:xx xxx xxx xx
Configuration register is 0x1
Configuration has not been modified since last system restart.
04-26-2007 07:00 AM
As things stand, you can only run Active/Standby failover.
However I am a little confused with your license status: the "sh ver" is reporting Security Plus, which according to Cisco supports both Active/Standby and Active/Active
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
However contexts appear to be a separately licensed feature, so if/when you purchase such a license, maybe Active/Active will become available automatically. As you can probably tell I have never done that particular upgrade, but you would need the licence on both devices if so.
04-26-2007 07:08 AM
I was a bit baffled too when I saw the same doc. Also, tech support docs say that A/A is supported with a Sec Plus.
Thanks for the sanity check anyway Mark.
Ali
04-26-2007 07:58 AM
All I can find on the Cisco site is this
http://www.cisco.com/en/US/products/ps6120/products_data_sheet0900aecd802c1d00.html
Which gives the Part for a 5500 5 Context license, the previous link shows you should have 2 contexts with a Security Plus license.
If possible I would raise a TAC case to get this cleared up.. Not at all obvious..
The other thing you could try, is to upgrade to V7.2 software, if you have appropriate support
If you get anything from Cisco please post, as I am curious how this works.
05-02-2007 01:25 AM
Mark,
As you suggested, I upgraded to 7.2.2, using the Sec Plus licenses. This then enabled two contexts, which under 7.0.5 showed none. So happy days!
thanks for the suggestions
Ali
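Added example, not part of any post in this thread and not Cisco code: a Python check over the "Licensed features" block of `sh ver` that lists why a unit cannot run Active/Active and flags licence differences between the two failover units. The 7.2.2 sample and the `Active/Active` failover string are assumptions; the thread only reports that two contexts appeared after the upgrade.

```python
import re

# Constructed input: licence lines taken from the "sh ver" post above (7.0(5)).
SH_VER_705 = """\
Licensed features for this platform:
Maximum VLANs : 25
Failover : Active/Standby
Security Contexts : 0
VPN Peers : 150
This platform has an ASA 5510 Security Plus license.
"""
# Constructed input: same unit with values assumed for the state after the 7.2.2 upgrade.
SH_VER_722 = SH_VER_705.replace("Active/Standby", "Active/Active").replace(
    "Security Contexts : 0", "Security Contexts : 2")

def licensed_features(sh_ver):
    """Return {feature: value} from the 'Licensed features' block."""
    features, in_block = {}, False
    for line in (l.strip() for l in sh_ver.splitlines()):
        if line.startswith("Licensed features for this platform"):
            in_block = True
        elif in_block and line:
            m = re.match(r"(.+?)\s*:\s*(.+)$", line)
            if not m:          # first line that is not "name : value" ends the block
                break
            features[m.group(1)] = m.group(2)
    return features

def active_active_blockers(sh_ver):
    """List the licence reasons this unit cannot run Active/Active."""
    f = licensed_features(sh_ver)
    blockers = []
    if f.get("Failover") != "Active/Active":   # assumed value string
        blockers.append("failover licence is %s" % f.get("Failover", "absent"))
    m = re.match(r"\d+", f.get("Security Contexts", ""))  # tolerate trailing text
    if not m or int(m.group()) == 0:
        blockers.append("no security contexts licensed")
    return blockers

def pair_mismatches(primary, secondary, keys=("Failover", "Security Contexts")):
    """Features whose licensed value differs between the two failover units."""
    a, b = licensed_features(primary), licensed_features(secondary)
    return {k: (a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k)}

if __name__ == "__main__":
    print(active_active_blockers(SH_VER_705))
    print(pair_mismatches(SH_VER_705, SH_VER_722))
```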