Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3119
Views
0
Helpful
4
Replies

Upgrade firmware and ASDM image on standby units

Difan Zhao
Level 5
Level 5

‎02-18-2010 04:21 PM - edited ‎03-11-2019 10:12 AM

Greeting guys,

I am trying to update the firmware on the ASA 5510. I copied the image to flash by using tftp and it seems it only got copied to the Active device, but not the standby one. I am using Active/Standby failover. How do I copy the image to the standby unit? Do I simply just make the standby the active one and copy again? Is there a best practice about how to update the firmware and ASDM image on ASAs in failover setup? Thank you!

Difan

Labels:
0 Helpful
4 Replies 4

nsn-amagruder
Level 5
Level 5

‎02-18-2010 06:48 PM

The standby unit will have an IP Address used for management (usually the m0/0) interface.  Use ASDM to access this ip address and use the file transfer utility in ASDM to upload the new code and asdm image.

It doesn't sync file systems, just configs and state information (if configured).

0 Helpful

Difan Zhao
Level 5
Level 5
In response to nsn-amagruder

‎02-23-2010 01:45 PM

So I have to use management interface then?? The ASAs were originally setup by somebody else who has left. He didn't use management interfaces at all...

Is there a another way to use existing inside, failover or stateful link to access the standby device? The ASA is actually not located geographically close to me so it's not easy for me to connect and configure the management interfaces...

Thank you!

0 Helpful

Gatling_uk
Level 1
Level 1
In response to Difan Zhao

‎02-24-2010 02:12 AM

How do you connect to the primary unit remotely?

If you are using the ASDM and connecting to either the outside or inside interface, do a "sh run int" and get the standby ip associated with that interface and you should be able to manage the secondary device on that IP. If you want to manage the secondary by SSH and it is already enabled on the primary, you will have to generate a keypair on the secondary using the ASDM

If you manage your primary device with SSH, you will have to SSH to the primary, enable ASDM access on either the outside or inside interface of the secondary unit, use the ASDM to generate a keypair, then you should be able to SSH to the secondary device using the standby IP.

To manage the secondary device using SSH you need to have a keypair generated on there, it is not replicated as part of the failover process as it is unique to each device.

If that doesn't make sense to you, let me know and I'll break it down further.

Chris

0 Helpful

ANTONIO QUESADA
Level 1
Level 1

‎11-12-2015 08:07 AM

Something that has worked just fine for me is:

1) I setup a quick and dirty http or tftp server and upload the files(s) to it.

2) I SSH to the active only (though it is good practice to have a keypair on both units, I do not SSH to the standby for this procedure).

2.a) make sure there is enough space on both devices:

2.a.1) dir disk0:   for active

2.a.2) failo exec mate dir disk0: for standby

2.b) IF neccesary, delete not neeed to make space files. Delete command in active shall also delete files in standby funny enough.

3) From the command line I do a

3.a) copy http://server.ip.address/path.to.file disk0:  and follow the prompts and this copies to active.

3.b) failo exec mate copy /noconfirm http://server.ip.address/path.to.file disk0:  and copies to standby

you can even do the

  "make sure there is space"  portion of the procedure from the file manager in ASDM

and then both copy commands from the

command line interface in ASDM.

Have a great Day and Merry Christmas!!

AQ

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card