Today our primary ASA had some flash issues. The result is it that the flash is empty and you cant "wr m" or create directories anymore. Ive reloaded the device and booted an image from tftp but still no joy.
Luckily we have a second ASA acting as a standby, this is now active firewall. We also have a support call to replace either the flash or device.
I have 2 questions really.
1) I managed to take a copy of sh ver on the faulty firewall to retain the acitivation key. If they replace the flash module how do I re-enter the key? Can i re-enter the key? (i read that if you replace the flash you need a new key?)
2)As the faulty system was the primary what is the best way of recovering the configuration? Should i just copy tftp start and reload? I have a feeling that i will need manually configure failover first as this writes information into a hidden partition on flash (.private). Then once the 2 firewalls "see" each other the running config on the Active Secondary will automatically copy to the primary?
All help much appreciated
For #1, if you have to re-enter the activation key, you can get into config mode and issue the command:
(simple, I know). On the PIXes, the activation key was saved on the flash. I'm trying to remember on the ASAs (it's been a few years since this was designed/discussed) but I want to say that we no longer store the activation key on flash, but honestly, I can't remember.
For #2, when you get the replacement, you can tftp the config to the startup config, then power off, connect the cables and power on. That will do it. OR, you can just minimally configure failover. Which is basically adding the Failover LAN interface & IP, along with 'failover unit primary'. That will be enough for the ASA to sync the config from the peer. NOTE: This will not trigger a failover, and your Secondary unit will remain as active.
Hope it helps,