New Secondary ASA install process question

Eric Hansen · ‎05-03-2010

Hello

I have 2 asa 5550's v8.2 in an active/standby config, our secondary failed and we have a new RMA unit from cisco. After MUCH stress from tac getting the right feature set on it I am taking another stab tomorrow morning using the following procedure.

Commands on primary

failover (is currently disabled)

Commands on secodary

failover lan interface fail g1/0

failover interface ip fail 192.168.25.2 255.255.255.248 standby 192.168.25.2

int g1/0 no shut

failover lan unit secondary

failover

copy run start

Question, in v8.2 do I need to run a "write standby"?

Going off of http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ha_active_standby.html#wp1107287 I dont see a write standby in there as part of the secondary procedure.

Also, if this is a production firewall will this disrupt traffic on the primary unit even if the intention is the primary will stay the primary?

thanks

e-

Federico Coto Fajardo · ‎05-03-2010

Hi,

The ''write standby'' is only if you manually want to synchronize the active configuration to the standby unit. It is not mandatory.

Federico.

Jon Marshall · ‎05-03-2010

Also, if this is a production firewall will this disrupt traffic on the primary unit even if the intention is the primary will stay the primary?

No it should not affect the primary firewall even if you issue a write standby altho as Federico says you don't actually need to. As always if possible do this out of core production hours.

Jon