connect to standby ASA

Unanswered Question
Dec 28th, 2009
User Badges:

Hello, i have 2 5520's running active/standby. How do i connect to the standby unit to load a IOS upgrade with zero downtime? I can ping my standby ip address from the primary/active unit but obviously cannot telnet from there. can i only connect to the standby unit with a console cable? I am not able to ping the standby unit IP from my lan.......


Thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Mon, 12/28/2009 - 09:51
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

jwilder wrote:


Hello, i have 2 5520's running active/standby. How do i connect to the standby unit to load a IOS upgrade with zero downtime? I can ping my standby ip address from the primary/active unit but obviously cannot telnet from there. can i only connect to the standby unit with a console cable? I am not able to ping the standby unit IP from my lan.......


Thanks!


It's probably a routiing issue. When you say you cannot connect from your LAN is your LAN address on a different subnet than the ASA standby address ? If so you need either -


1) routing on the standby ASA to get to remote networks. Note if you had a defaultg static route on the primary the standby should have it too. If you are using dynamic routing on the firewalls the standby only gets the routes when the primary fails.


or


2) use a machine on the same subnet as the ASA standby address.


Jon

jwilder Mon, 12/28/2009 - 09:54
User Badges:

we are using dynamic routing, so that would explain the issue. I guess i will have to connect up to the local interface. hopefully that will work.....


can the management interface be configured for this type of connection then?



Thanks,

Jeff

Jon Marshall Mon, 12/28/2009 - 09:58
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

jwilder wrote:


we are using dynamic routing, so that would explain the issue. I guess i will have to connect up to the local interface. hopefully that will work.....


can the management interface be configured for this type of connection then?



Thanks,

Jeff


Jeff


Not sure as i have never done that, i just use the inside interface for these sort of things. You could add a static route to the primary for your subnet which would then get propagated to the standy which would temporarily give you access but you would need to be careful you didn't mess up your routing obviously.


Jon

Actions

This Discussion