Hi Mike,I tried that as well.

tripley · ‎03-25-2014

I'm not sure if this is expected behavior or not. I want to make sure I didn't configure something wrong.

We're running two ASA Service Modules in Active/Active. Here's the setup

ASA1 - Primary Active

ASA2 - Secondary Standby

ASA1 - Context X Primary Active - Context Y Secondary Standby

ASA2 - Context X Secondary Standby - Context Y Primary Active

If I login to ASA2 and run any commands in Context Y, it runs them with the "failover exec" prepended. Does that sound right? Even though ASA2 is Standby from an "admin" context point of view, shouldn't Context Y be primary and active? I can confirm that it is active from the "show failover" perspective.

What am I doing wrong?

Tyler

Mike Williams · ‎03-25-2014

Hi Tyler,

From a device standpoint, you have an active device and a standby device, regardless of how the contexts are configured. With the ASA, all configuration is done on the primary device (not context) and replicated to the secondary device. That explains the behavior you are seeing.

Regards,

Mike

UPDATE:

I was mistaken, at least for version 3.2 according to this: http://www.cisco.com/c/en/us/td/docs/security/fwsm/fwsm32/configuration/guide/fwsm_cfg/fail_f.html#wp1048998. The config is sync'd from the active context to the standby context.

tripley · ‎03-26-2014

Hi Mike,

I tried that as well. I logged into ASA1 and saved the config on Context Y and it still sends "failover exec write mem".

We're running ASA code 9.1(2) and ASDM 7.1(4).

Tyler

ASDM issuing failover exec on the Primary Context