Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA Failover

Daear All,

I have two ASA device configured with Active/Standby failover configuration.

Now the Standby unit is active and Primary unit is in standby ready state.

If I enter write standby command in standby unit which is currently active will it rewrite the configuration of primary unit which is in standby ready state.

Hope I explained clearly. Refer the attachment.

Regards

Balajirajah P B

  • Firewalling
4 REPLIES

Re: ASA Failover

Hi,

When you issue the write standby command it will write the configuration stored in the RAM of the active failover unit to the RAM on the standby unit.

So the answer is yes... no matter which ASA is the primary or secondary, the write standby will copy the running-config from the active unit to the standby unit.

If for any reason both units have different configurations, you should use that command to sync the config.

The write standby will not save the config to flash, it will only copy the config to the running-config of the standby unit.

Federico.

Cisco Employee

Re: ASA Failover

To clarify it, you should do "write standby" on the ACTIVE unit and that will wipe the standby unit config and send it over.

So, do it on the active unit .

I hope it helps.

PK

New Member

Re: ASA Failover

Thanks. I'm getting following error.

ASA# write standby
Building configuration...
Configuration can only be replicated from the Active unit.
[FAILED]

        This host: Primary - Active
                Active time: 35246599 (sec)
                slot 0: ASA5520 hw/sw rev (2.0/8.0(4)) status (Up Sys)
                  Interface INSIDE (x.x.x.x): Normal (Waiting)
                  Interface PROD (x.x.x.x): Normal (Not-Monitored)
                  Interface DEVDMZ (x.x.x.x): Normal (Not-Monitored)
                  Interface DEV (x.x.x.x): Normal (Not-Monitored)
                  Interface DMZ (x.x.x.x): Normal (Not-Monitored)
                  Interface PAHOLABMANAGER (x.x.x.x): Normal (Not-Monitored)
                  Interface TRANSIT (x.x.x.x): Normal (Not-Monitored)
                  Interface OUTSIDE (x.x.x.x): Normal (Not-Monitored)
                slot 1: empty
        Other host: Secondary - Sync Config
                Active time: 0 (sec)
                slot 0: ASA5520 hw/sw rev (2.0/8.0(4)) status (Up Sys)
                  Interface INSIDE (x.x.x.x): Unknown (Waiting)
                  Interface PROD (x.x.x.x): Unknown (Not-Monitored)
                  Interface DEVDMZ (x.x.x.x): Unknown (Not-Monitored)
                  Interface DEV (x.x.x.x): Unknown (Not-Monitored)
                  Interface DMZ (x.x.x.x): Unknown (Not-Monitored)
                  Interface PAHOLABMANAGER (x.x.x.x): Unknown (Not-Monitored)
                  Interface TRANSIT (x.x.x.x): Unknown (Not-Monitored)
                  Interface OUTSIDE (x.x.x.x): Unknown (Not-Monitored)
                slot 1: empty

Regards

Balajirajah P B

Cisco Employee

Re: ASA Failover

Yes, it is strange. You did the "wr standby" on the active unit from what I am seeing right?

The issue is probably because the standby is stuck in a state where it thinks it is synching config. Another thing to try is to reboot the standby and have him synch config when it comes back and also do a "wr standby". It should not affect traffic because the actives is still going to stay active while the standby is rebooting.

I hope it helps.

PK

572
Views
0
Helpful
4
Replies
This widget could not be displayed.