Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
618
Views
0
Helpful
6
Replies

Interface reconfiguration in a Active/Passive Failover

sgalloway
Level 1
Level 1

‎12-21-2011 09:16 PM - edited ‎03-11-2019 03:05 PM

Hi,

Currently l have two ASA 5520's in a active/passive failover scenario.  Currently the interfaces for the inside and outside are fixed at 100/FULL.

I want to repatch them into GigE ports setup as Auto Negotiate.

Is there anyway of keeping the connections through the firewall active in this type of scenrio or will l have downtime disconnecting and repatching ?  or could l possibly disable failover and reconfigure each ?

Sg

Labels:
0 Helpful
6 Replies 6

Julio Carvajal
VIP Alumni
VIP Alumni

‎12-21-2011 09:32 PM

Hello,

If they are on a failover cluster, I would do the changes to one unit first ( the secondary) and as soon as the secondary is up and running again I will set it as the active one and then I will make the same changes for the other unit ( the one that was previously the active one)

That should satisfy your needs.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

sgalloway
Level 1
Level 1
In response to Julio Carvajal

‎12-21-2011 09:36 PM

Hey Julio,

How would l reconfigure the Secondary if it is in failover ?  would l have to disable failover and then reconfigure the interfaces on the secondary to AUTO and then repatch into the gigE port ?

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to sgalloway

‎12-21-2011 09:50 PM

Hello,

That is correct, but your network will keep being up and running, so there is no downtime.

The problem would be when you come back because now that I analize it more, you will not be able to configure Failover as the interfaces are different. so that would be a problem.

You will have a little downtime, so it would be better to get a maintainance window for your network.

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

sgalloway
Level 1
Level 1
In response to Julio Carvajal

‎12-21-2011 09:56 PM

Cheers Julio

I will do the following :

re-patch secondary interfaces into new gigE Ports

reconfigure primary interfaces to AUTO and re-patch into gigE Ports..

As you have said l will experience a small outage window during the period reconfiguration of the Primary..

Thanks for your assistance..

SG

0 Helpful

sgalloway
Level 1
Level 1
In response to sgalloway

‎12-21-2011 10:08 PM

actually could l do a "no failover"  on the primary and then reconfigure the Secondary ASA's interfaces and repatch and then make the secondary the Primary "active" and re-enable failover inturn replicating the config to the old Primary ?

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to sgalloway

‎12-21-2011 10:19 PM

Hello,

That is what I though at the beggining, but when you will have on the secondary gigabit ethernet interfaces and on the primary fast ethernet so failover will not work.

Please rate helpful posts.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card