First disconnect both servers from the cluster. After that perform an upgrade (follow the upgrade instructions) on both machines. After the upgrade of BOTH machines connect the machines to the cluster again.
When upgrading here AsyncOS 7.1.0 for our C160 cluster, we noticed that TLS certificate settings were reseted. TLS certs are managed different way in the new rekease. After the upgrade, you must go to GUI menu Network -> Certificates, and see that they are ok. Perhaps Submit and Commit afterwards. After that, you must select proper certificate for your listener via Network -> Listeners -> MailInterface -> Certificate.
Ironport cluster is only for configuration sync and not for load balancing.
DNS round-robin helps making C-series HA cluster somehow load balanced as well. So you have C-series cluster, say mxnode1 and mxnode2.
@ IN MX 10 mxcluster.corp.local.
mxcluster IN A 192.168.0.1
IN A 192.168.0.2
mxnode1 IN A 192.168.0.1
mxnode2 IN A 192.168.0.2
In TLS certificate, use CN=mxcluster.corp.local and subjectAltName=DNS:mxnode1.corp.local,DNS:mxnode2.corp.local
For SMTP smarthost relay clients, use mxcluster.corp.local.
Now, both incoming internet mail traffic and outgoing relayed mail traffic is being equally distributed along those two C-series node servers. Been here in service provider like production environment for almost an year without any problems. Sure using dirfferent ip addressing, domain namespace and TLS certificate properties, but the idea is above. Using openssl pressend self-signed TLS certificates.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :