05-12-2009 02:12 AM - edited 03-11-2019 08:30 AM
If there is a need to remove the standby PIX from active-standby position,what are the specific steps to be followed?
It seems removing the standby's physical connections will suffice , but it is not certain if this could problems to normal traffic pattern,which is to be avoided.
Thanks.
05-12-2009 02:24 AM
According to this:
..it would appear that it is non-disruptive.
05-12-2009 04:04 AM
yes,it seems fine.But is there any particular steps to followed viz. shut off the failover and other interface on standby first, followed by physical removal.
05-12-2009 04:29 AM
'no failover' on Active, then switch off Standby et voila!
05-12-2009 05:40 AM
Thanks.Few more queries:
1.failover status in ASA shows as standby ready for secondary host. Is it correct, shouldnt it be just Standby status?
2.static (inside,dmz) 192.168.21.2 192.168.21.2 netmask 255.255.255.255
What is the meaning of this line.Understand that this is used for static translation when external access is required to services hosted inside the network.But then why are the 2 ip's same?
Thanks.
05-12-2009 05:59 AM
1. I assume you've issued the 'no failover' command? If so, then the standby unit would display a wait state as it can no longer contact the primary.
2. This sort of static 1:1 translation is done to advertise an IP address or IP addresses externally from an inside network. It's the nature of Cisco firewalls. All IP addresses are hidden until you static or NAT them.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide