08-19-2014 06:00 AM - edited 03-11-2019 09:39 PM
Hi
We have two ASA 5510 running active/active cluster with two contexts.
When I login in the ASDM the admin context is active, but when I change to the second context its status it Standby. If I do a configuration change to the standby context will, the settings then be transferred to the active ASA?
I have the same problem if I telnet to the ASA where the second context is standby, can I make changes in here and are they replicated to the active or do I need to telnet to the active ASA?
Solved! Go to Solution.
08-19-2014 06:50 AM
Hi ,
For your case , Instead using active IP address of management interface or ASDM interface , use standy IP address of management interface or ASDM standby interface to login to firewall from there you choose your context which will be active .
After both units are running, commands are replicated from one unit to the other as follows:
•Commands entered within a security context are replicated from the unit on which the security context appears in the active state to the peer unit.
Note A context is considered in the active state on a unit if the failover group to which it belongs is in the active state on that unit.
•Commands entered in the system execution space are replicated from the unit on which failover group 1 is in the active state to the unit on which failover group 1 is in the standby state.
•Commands entered in the admin context are replicated from the unit on which failover group 1 is in the active state to the unit on which failover group 1 is in the standby state.
Failure to enter the commands on the appropriate unit for command replication to occur causes the configurations to be out of synchronization. Those changes may be lost the next time the initial configuration synchronization occurs.
HTH
Sandy
08-19-2014 06:50 AM
Hi ,
For your case , Instead using active IP address of management interface or ASDM interface , use standy IP address of management interface or ASDM standby interface to login to firewall from there you choose your context which will be active .
After both units are running, commands are replicated from one unit to the other as follows:
•Commands entered within a security context are replicated from the unit on which the security context appears in the active state to the peer unit.
Note A context is considered in the active state on a unit if the failover group to which it belongs is in the active state on that unit.
•Commands entered in the system execution space are replicated from the unit on which failover group 1 is in the active state to the unit on which failover group 1 is in the standby state.
•Commands entered in the admin context are replicated from the unit on which failover group 1 is in the active state to the unit on which failover group 1 is in the standby state.
Failure to enter the commands on the appropriate unit for command replication to occur causes the configurations to be out of synchronization. Those changes may be lost the next time the initial configuration synchronization occurs.
HTH
Sandy
08-20-2014 03:52 AM
Hi Sandy
Thanks for the reply.
Will this say I need to connect to the firewall there is active for the failover group, before I do any configuration change?
Is there a way I can administer all context from within the same ASDM and telnet session?
08-20-2014 10:34 AM
Hi ,
Will this say I need to connect to the firewall there is active for the failover group, before I do any configuration change? - Yes
Is there a way I can administer all context from within the same ASDM and telnet session? - From same ASDM you can connect to active context by using appropriate IP address
HTH
Sandy
08-21-2014 12:56 AM
Hi,
We have for a while made the changes connected to the ASDM where context two is standby, and it looks like the settings have been replicated to the active, how is this?
I have compared the settings yesterday and they are identical.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: