I might be missing something but wouldn't it be better to start with the Primary unit?
I mean if you have a configured ASA to which you want to attach a failover pair, it would be better to configure the original ASA with all the failover configurations and activate the failover.
After the Primary ASA has detected that is has no "failover mate" it should be in active state. Now you could configure the ASA with no configurations with failover configurations, activate the failover and connect the Failover pair physically. After the ASA should see their failover pairs and the Prmary ASA with the configurations would replicate them to the blank Secondary ASA.
I have not saved the config to flash, but from what I know this should not matter.
I have today done the same configuration on both the ASA in my lab and works perfect.
The problem is, I have heard other people who also experience the same issue, but know one seems to know why.
In my current setup, I can issue failover in any order and the ASA know which is the active mate. But yesteday the ASA copyied the configuration from the secondary firewall thinking that it was active when it was the other device.
I would like to know what determines tha ASA to know its the active mate?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :