Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)

ASA 5510- Speed and Duplex setting in Failover Mode

Hi All,

Due to some requriement I want to configure speed 100 and duplex - full setting in ASA 5510 with Active/Standby mode

Attached the diagram and i already configured in all switches with speed and duplex ..

How to do this changes speed and duplex in asa without console;

My question :

through telnet -- if you do the changes , my telnet will distrib and it is production setup so need some advice on this.

if i do this changes in active asa , then will it go automatically to seconday firewall  ? plz advice

Primary firewall:

interface e0/0

speed 100

dup full

If not then plz guide the step by step procedures for the same.

Thanks.

8 REPLIES

ASA 5510- Speed and Duplex setting in Failover Mode

Hello ,

Not sure I get it but if you are asking if the configuration for speed and duplex will be replicated the answer is yes, The configuration will be replicated.

Regards

Remember to rate all of the helpful posts.

For this community that's as important as a thanks.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

ASA 5510- Speed and Duplex setting in Failover Mode

Hi ,

thanks for your valuable update.

do you have any Cisco document which says this !!

Thansk in advance.

ASA 5510- Speed and Duplex setting in Failover Mode

Hi ,

thanks for your valuable update.

do you have any Cisco document which says this "

Physical Interfaces speed and duplex will be replicated from primary to seconday

Thansk in advance.

Super Bronze

Re: ASA 5510- Speed and Duplex setting in Failover Mode

Hi,

If you are attempting to do a speed change for your Failover environment and you dont want to cause outage to the network connections then I would suggest doing the following

  • Configure the Standby ASA physical interface and the connected devices interface to the new speed
  • Confirm that the link is up after the change and there is no problem in connectivity from the Standby to the routers
  • Switch the Standby device to Active
  • Log to the new Standby device (former Active) and do the same changes to it and its connected devices port
  • Confirm that its connectivity is fine after the change
  • Change the Standby back to Active if you want

Do notice that since you are configuring the Standby device all the time it means that the ASA will give a warning message about the configurations not being in sync if you configure the Standby device. This doesnt matter as we are only changing some basic interface configurations and after the change is done the configurations will again match eachother.

I have only had to do this once and even then it was in a hospital environment.

I didnt expirience any outage in network connections following the above steps

Hope this helps

- Jouni

ASA 5510- Speed and Duplex setting in Failover Mode

Hi,

Thanks for the details,

Should i remove the Primary firewall  failover link from standby ?

since u mentioned confirm that the link is up after the change and there is no problem in connectivity from the Standby to the routers

Please let me know what we need to do in active firewall during this changes in standby firewall !

Super Bronze

ASA 5510- Speed and Duplex setting in Failover Mode

Hi,

The idea is to do NO CHANGES on the Active unit.

Since we are doing the changes on the ASA that is Standby it basically means that we are causing NO ISSUES to the traffic. The Active firewall is handling all the connnections through it while we are configuring the Standby device that IS NOT passing traffic.

After we have changes the "speed" setting on the Standby ASA unit and confirmed that it can reach its gateway routers then we can safely change this Standby firewall to Active as it has had its changes done.

Now that we changed the Standy device to Active after the changes to the interface "speed" setting this means that the old Active ASA is now Standby and we can do the same changes on that ASA also wihtout causing any distruption to the traffic through the Failover pair.

- Jouni

ASA 5510- Speed and Duplex setting in Failover Mode

Hi,

Do u mean to say we need to login standby and do the changes and make this as active then we have to make the changes in standby (old active) .

Is it possible to Physical Interfaces speed and duplex set in active firewall the will be

will be replicated to seconday

All the configuration replicated to secondary FW ? So these interfaces changes will replicate or not from primary !

Please confirm!!


Super Bronze

ASA 5510- Speed and Duplex setting in Failover Mode

Hi,

Naturally you could do the changes on the Active device right away and have them be replicated to the Standby device too.

But in that case there is a higher chance that you will cause outage to the network connections.

I for example did these changes with a console connection to the firewalls because we were changing the interface settings of the interface that was used for the management connections. If we had made the changes remotely we would probably have lost our management connection and have to issue commands through the Failover link from the other ASA.

For that purpose there is a command

failover exec mate

With that you should be able to send commands to other device through the Failover link (if no other connection can be made to the other device other than through the Failover link)

I guess either way of doing the change is fine. Its up to you to decide which one to use. Just make sure you dont end up in a situation where you are doing this remotely and loose remote connection to the actual devices completely if the links dont come up.

Please do remember to mark the reply as the correct answer if it answered your question.

- Jouni

1202
Views
10
Helpful
8
Replies
CreatePlease to create content