New Secondary ASA install process question

Unanswered Question
May 3rd, 2010
User Badges:

Hello


I have 2 asa 5550's v8.2 in an active/standby config, our secondary failed and we have a new RMA unit from cisco.  After MUCH stress from tac getting the right feature set on it I am taking another stab tomorrow morning using the following procedure.


Commands on primary

failover (is currently disabled)



Commands on secodary

failover lan interface fail g1/0

failover interface ip fail 192.168.25.2 255.255.255.248 standby 192.168.25.2

int g1/0 no shut

failover lan unit secondary

failover

copy run start





Question, in v8.2 do I need to run a "write standby"?


Going off of http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ha_active_standby.html#wp1107287 I dont see a write standby in there as part of the secondary procedure.


Also, if this is a production firewall will this disrupt traffic on the primary unit even if the intention is the primary will stay the primary?


thanks

e-

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Federico Coto F... Mon, 05/03/2010 - 09:02
User Badges:
  • Green, 3000 points or more

Hi,


The ''write standby'' is only if you manually want to synchronize the active configuration to the standby unit. It is not mandatory.


Federico.

Jon Marshall Mon, 05/03/2010 - 12:24
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Also, if this is a production firewall will this disrupt traffic on the primary unit even if the intention is the primary will stay the primary?


No it should not affect the primary firewall even if you issue a write standby altho as Federico says you don't actually need to. As always if possible do this out of core production hours.


Jon

Actions

This Discussion