I've been thinking of 2 scenarios that could happen and I woud like to be ready. If a config error was made on our ASA (we have 2 in active/standby mode) what is the best way to recover assuming we have a tftp backup or local flash copy? I know their is a config replace option on routers/switches that will compare the running config and the tftp/local copy and then replace the changes to get you back online without a reload.
Also if we had to replace one of the ASA as it was faulty, I guess I would tftp the config but what abount the license keys?
If the mistake is not small enough that you can simply undo the commands with "no ___" then copy the backup file to running-config and write mem to further copy it into the startup-config. Local flash copy will always be faster than tftp but either is of course erasable as well. I'd start with a local copy if available and then fall back to a remote copy where it's not.
The license keys (technically activation keys on an ASA) need to be generated for you by the TAC in the event of an RMA. Of course if the non-failed unit has the necessary licenses (in 8.3+) you don't also need to add them on the replacement unit as a HA pair shares most licenses (with a few exceptions like Security Plus which is a prerequisite to even enable failover on a 5505 or 5510 or 5512-X).
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :