ASA-SSM-20 on active failover configuration

Answered Question
Mar 10th, 2009

Can you synchronize the configuration data between two IPS systems?

I have two ASA-SSM-20 (6.1.1 E3), one in each of my ASAs. The ASAs are in active failover. When configuring one IPS module I always have to also make those same changes in the stand-by unit. Is there a way to sync these two IPSs up so when one is configured the other is updated?

Many thanks

Correct Answer
marcabal Tue, 03/10/2009 - 07:01

Unlike the ASA there is not an automatic feature to keep the configuration in sync across the 2 SSMs.

Some options:

You can use the copy command to copy the configuration from one sensor to an ftp/scp server.

Then use the copy command on the second sensor to copy the configuration onto the second sensor. During the copy it will ask whether or not to change the sensor's IP to what is in the configuration file. You will need to tell it to NOT change the sensor's IP, otherwise you would wind up with 2 SSMs with the same IP and have trouble connecting to them.

Another option is to use CSM. CSM has configuration that applies to single sensors, but also has group configuration that can be applied across multiple sensors.

If you used the group configuration, then you could make a single change at the group configuration and apply it across all sensors in the group (you would place your 2 SSMs into the same group).
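An added example, not part of the answer above and not Cisco tooling: after copying the configuration across, a short Python check can confirm that the two exported configuration files match apart from the per-sensor settings that must stay different. The configuration text is a constructed sample, and the `host-ip` / `host-name` key names and the `!` comment prefix are assumptions about the exported file format.

```python
import difflib

# Settings expected to differ between the two SSMs (assumed key names).
HOST_SPECIFIC = ("host-ip", "host-name")

def normalize(config_text):
    """Drop blanks, '!' comments and per-sensor settings; strip indentation."""
    lines = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line.split()[0] in HOST_SPECIFIC:
            continue
        lines.append(line)
    return lines

def config_drift(primary_text, standby_text):
    """Return '-'/'+' lines for settings that exist on only one sensor."""
    diff = list(difflib.unified_diff(normalize(primary_text),
                                     normalize(standby_text),
                                     "primary", "standby", lineterm="", n=0))
    # Skip the two file-header lines, then keep only removed/added lines.
    return [d for d in diff[2:] if d[0] in "+-"]

# Constructed sample exports (not taken from a real sensor).
PRIMARY = """\
! primary SSM
service host
  network-settings
    host-ip 192.0.2.11/24,192.0.2.1
    host-name ips-primary
    telnet-option disabled
    access-list 192.0.2.0/24
  exit
exit
service event-action-rules rules0
  overrides deny-packet-inline
    risk-rating-range 90-100
  exit
exit
"""
STANDBY = (PRIMARY.replace("192.0.2.11", "192.0.2.12")
                  .replace("ips-primary", "ips-standby")
                  .replace("90-100", "95-100"))

if __name__ == "__main__":
    for line in config_drift(PRIMARY, STANDBY):
        print(line)
```

An empty result means the sensors agree on everything except their own address and name; any `-`/`+` pair is a setting changed on one SSM but not the other.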
