How to add licenses to ASA failover pair without downtime?

Unanswered Question
Mar 15th, 2010

Hi

I have a pair of ASA 5510:s (single context, routed mode) on which I need to add SSLVPN-licences. How do I do that without causing downtime? What happens if I add the license to the primary first, will it break failover?

Any recommendations?

Br Jimmy

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gatling_uk Mon, 03/15/2010 - 04:54

Hello,

There is no way to do this without breaking the failover, but there should be no downtime involved.

Just apply the new license to both (after applying to the first you will get the message stating that failover has been disabled). You should then see failover state on the secondary device as "Secondary (pseudo-standby)".

Go back to the primary and activate failover again:

ciscofirewall(config)#failover

You should then see the message stating config is being replicated to secondary device.

Let me know if you need any further info.

Chris

Actions

This Discussion