Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

pix 535 failure issue on active atanby configuration while adding interface card

for my one of the setup i have two pix 535 configured in active -standby mode .i want to insert the interface card on both of the firewalll without disturbing any services or rather you can say zero downtime

but acoording to the documents i suspect i could acheive it .

help me  how can i acheive the above

i am thinking first i will change interface card on standby then i will go with active but the problem i suspect after finishing  addition of the card card in standby the failover should have issue as the number of the interfaces could not match on both firewall .so i also suspect i can make the standby to be active forcefully

pls suggest how should i go

  • Firewalling
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: pix 535 failure issue on active atanby configuration while a

As you already guessed this is not possible.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ha_overview.html#wp1077521

Pls. refer the above link.  Failover will disable itself when one unit has extra module that the other one doesn't.

Best option is to reload both of them at the same time or shut the sec/standby down, get the card in and get it ready. Then shut the pri/active unit down and fireup the sec/standby unit so it will come up sec/act. Then put the card back in the pri/act unit and fire it back up and it will come up as pri/standby.

You will definitely have a min. of 10-15 min. downtime until the unit reboots.

-KS

1 REPLY
Cisco Employee

Re: pix 535 failure issue on active atanby configuration while a

As you already guessed this is not possible.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ha_overview.html#wp1077521

Pls. refer the above link.  Failover will disable itself when one unit has extra module that the other one doesn't.

Best option is to reload both of them at the same time or shut the sec/standby down, get the card in and get it ready. Then shut the pri/active unit down and fireup the sec/standby unit so it will come up sec/act. Then put the card back in the pri/act unit and fire it back up and it will come up as pri/standby.

You will definitely have a min. of 10-15 min. downtime until the unit reboots.

-KS

126
Views
5
Helpful
1
Replies
This widget could not be displayed.