×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ASA Failover Pair

Answered Question
Aug 28th, 2012
User Badges:

Hi Guys,

I have ASA pair with Active /Standby. Last time as per requirement I failed over the asa from active (ASA1 ) to standby (ASA 2) by applying the command " no failover active " on the primary unit (ASA 1 ). and which made the sec ASA 2 as active.

No I want to make the primary ASA 1 as active again . So to accomplish this which on the below step I have to do


1. no failover active" on the sec ASA 2 --- will this make the ASA 1 as active. ( as I already removed the command no failover active on the prim ASA 1 for the first failover )


2.Failover active " on the primary ASA 1 ---( do I need to do this through console of ASA 1 as I cannot access the ASA 1 directly )


So please let me know the procedure in this scenario .

Appreciate your advice

Thanks

Correct Answer by Marvin Rhoads about 4 years 11 months ago

"failover active" and "no failover active" are exec commands and not configuration file settings.


To failover an HA pair, one executes either the former command on the standby unit or the latter command on the active unit. Their configurations remain the same - only their failover states will change.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Julio Carvajal Tue, 08/28/2012 - 14:25
User Badges:
  • Purple, 4500 points or more

Hello,


You could do it the same way than before, no failover active on the secondary that is now active

Both of them will work


Regards,


Julio

Marvin Rhoads Tue, 08/28/2012 - 19:30
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

As Julio said; plus I would add that you should have standby IP addresses set up which can be used to access the standby unit. Management interfaces can / should also be usable for this purpose (logging into standby unit)

cisconell Tue, 08/28/2012 - 23:28
User Badges:

Thanks Julio and Marvin. My doupt was , when I did the first failover from ASA 1 to 2 . I removed "no failover active "


and second time I removing this command from ASA 2 to make ASA 1 as active "no failover active "

So I am woundering how the ASA 1 know it should be come active , as we already removed the line ""no failover active " and we are not adding it back on ASA 1 to make it active .

Or is that when when we remove " no failover active " from the active ASA"   failover active" will automaticlly get added to the standby ASA ?

Thanks

Correct Answer
Marvin Rhoads Wed, 08/29/2012 - 07:58
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

"failover active" and "no failover active" are exec commands and not configuration file settings.


To failover an HA pair, one executes either the former command on the standby unit or the latter command on the active unit. Their configurations remain the same - only their failover states will change.

cisconell Wed, 08/29/2012 - 22:10
User Badges:

Alright got it .Thanks a lot. Any way let me try  this out and update you guys

Actions

This Discussion