When you seperate the HA pair, they try to share the same address (configured failover address) and you may have conflict on the network. One way is to shut the Standby unit , remove from network and change the IPs, it might work for you. When you place it back, reinstate the old state (as secondary) with basic config. It will detect Active unit online and becomes Standby.
Yes, the ip conflict part makes sense. That should not apply here (see below.) I am more concerned with whether there are any licensing issues involved in doing this. The goal is to separate the HA pair and run them as completely independent firewalls temporarily during a large migration project. They would not be connected to any common LAN segments during the migration and would have different IPs. Then once the migration is complete we wipe the ASA connected to the "old" networks, connect it to the "new" networks and reinstate the HA pair, using the wiped ASA as the standby unit.
From what I can see, both ASAs in ah HA pair have identical licenses in v8.x, so the ASAs should not care whether they are configured as standalone or failover units. I just want to make sure there are no gotchas in doing this.
I'm in a similar situation, we currently having a pair of 5510 running in single failover mode, we would like to split them up and add security context license to the 2 separate boxes and mice one of the unit to another site. I'm planning on how to do the initial split. Should I just power off the secondary unit and take it off line then reinstate the configuration so it can run as an independent firewall? And for the active unit, I will remove the failover commands as well so it will become standalone again.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :