Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
645
Views
0
Helpful
4
Replies

ASA 5510 context active/active change configuration

Go to solution
mhv000001
Level 1
Level 1

‎08-19-2014 06:00 AM - edited ‎03-11-2019 09:39 PM

Hi
We have two ASA 5510 running active/active cluster with two contexts.


When I login in the ASDM the admin context is active, but when I change to the second context its status it Standby. If I do a configuration change to the standby context will, the settings then be transferred to the active ASA?
I have the same problem if I telnet to the ASA where the second context is standby, can I make changes in here and are they replicated to the active or do I need to telnet to the active ASA?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
SANTHOSHKUMAR SARAVANAN
Level 4
Level 4

‎08-19-2014 06:50 AM

Hi ,

 For your case , Instead using active IP address of management interface or ASDM interface , use standy IP address of management interface or ASDM standby interface to login to firewall from there you choose your context which will be active . 

Command Replication

After both units are running, commands are replicated from one unit to the other as follows:

Commands entered within a security context are replicated from the unit on which the security context appears in the active state to the peer unit.

Note A context is considered in the active state on a unit if the failover group to which it belongs is in the active state on that unit.

Commands entered in the system execution space are replicated from the unit on which failover group 1 is in the active state to the unit on which failover group 1 is in the standby state.

Commands entered in the admin context are replicated from the unit on which failover group 1 is in the active state to the unit on which failover group 1 is in the standby state.

Failure to enter the commands on the appropriate unit for command replication to occur causes the configurations to be out of synchronization. Those changes may be lost the next time the initial configuration synchronization occurs.

 

HTH

Sandy

View solution in original post

0 Helpful
4 Replies 4

Go to solution
SANTHOSHKUMAR SARAVANAN
Level 4
Level 4

‎08-19-2014 06:50 AM

Hi ,

 For your case , Instead using active IP address of management interface or ASDM interface , use standy IP address of management interface or ASDM standby interface to login to firewall from there you choose your context which will be active . 

Command Replication

After both units are running, commands are replicated from one unit to the other as follows:

Commands entered within a security context are replicated from the unit on which the security context appears in the active state to the peer unit.

Note A context is considered in the active state on a unit if the failover group to which it belongs is in the active state on that unit.

Commands entered in the system execution space are replicated from the unit on which failover group 1 is in the active state to the unit on which failover group 1 is in the standby state.

Commands entered in the admin context are replicated from the unit on which failover group 1 is in the active state to the unit on which failover group 1 is in the standby state.

Failure to enter the commands on the appropriate unit for command replication to occur causes the configurations to be out of synchronization. Those changes may be lost the next time the initial configuration synchronization occurs.

 

HTH

Sandy

0 Helpful

Go to solution
mhv000001
Level 1
Level 1
In response to SANTHOSHKUMAR SARAVANAN

‎08-20-2014 03:52 AM

Hi Sandy
Thanks for the reply.
Will this say I need to connect to the firewall there is active for the failover group, before I do any configuration change?
Is there a way I can administer all context from within the same ASDM and telnet session?

 

0 Helpful

Go to solution
SANTHOSHKUMAR SARAVANAN
Level 4
Level 4
In response to mhv000001

‎08-20-2014 10:34 AM

Hi ,

Will this say I need to connect to the firewall there is active for the failover group, before I do any configuration change? - Yes 

Is there a way I can administer all context from within the same ASDM and telnet session? - From same ASDM you can connect to active context by using appropriate IP address

 

HTH

Sandy

 

 

0 Helpful

Go to solution
mhv000001
Level 1
Level 1
In response to SANTHOSHKUMAR SARAVANAN

‎08-21-2014 12:56 AM

Hi,
We have for a while made the changes connected to the ASDM where context two is standby, and it looks like the settings have been replicated to the active, how is this?
I have compared the settings yesterday and they are identical.

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card