i would like to know if the firewall is configured in failover and if i am changing the speed or duplex of any data interface (eg:gig0/1) of the unit acting as Active , will it get replicated to standby unit ? Also , if it doesnot gets replicated , will any of the units will give a warning stating that "interface is not in sync with each other ".
Also if i am changing the speed / duplex of a particular interface in the active unit , will the connections continue to traverse across or is it like that they would come to halt or teardown due to interface parameters being changed . what i mean over here is will changing the parameters will do a kind of shut and unshut the interface for that moment ?
As commands are entered in the active ASA, the commands should be replicated on the standby unit. The following is mentioned in the configuration guide:
Command replication always flows from the active unit to the standby unit. As commands are entered on the active unit, they are sent across the failover link to the standby unit. You do not have to save the active configuration to Flash memory to replicate the commands.
So changing the interface parameters on the active ASA should be replicated to the standby unit.
Changing the duplex or speed of the interface will not perform a shut/no shut on the interface, but it will interrupt traffic since the interface will try to detect the settings of the switchport it's connected to and renegotiate. For example, if the switchport is configured for auto duplex, and on the ASA you switch the duplex setting from full duplex to half duplex, a little time is needed for the switchport interface to negotiate to half duplex in order to match the ASA.
Therefore, it's probably best to make these changes after hours or during a maintenance window.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :