
Sync config b/w different location stand alone firewalls

I am looking for a solution, as I have two ASA firewalls at different locations and both are single routed mode firewalls. One is sitting there just in case the main site fails; it will be used as the backup internet point for the whole network. But I need to find a solution so that changes made to the main HQ firewall will be reflected automatically on the 2nd DR node.

Looking forward to your suggestions and thoughts.

Thanks,

1 REPLY

Hi Khalid,

The ASAs cannot replicate configs between two different devices (which are not in failover or clustered).

Therefore, you would need an external solution. This could be using something like CSM to deploy the same policy to both boxes, or you could script it.

A script would probably log into your primary box, download the config, and then parse the security policies (ACLs, NAT, inspections, etc.), then log into the secondary box, remove the security policy and apply the same one from the primary.

I hope it helps,

David.

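The parse-and-compare step of the scripted approach described in the reply, as an added example that is not part of the original thread: it pulls only the policy blocks out of two saved running-configs and reports where the DR unit has drifted from the primary. The function names, the `POLICY_PREFIXES` list and both sample configs are assumptions constructed for illustration.

```python
# Added example. Configs below are constructed; POLICY_PREFIXES is an assumed,
# non-exhaustive list of ASA policy commands. Extend it to match your policy.
POLICY_PREFIXES = ("object ", "object-group ", "access-list ", "access-group ",
                   "nat ", "class-map ", "policy-map ", "service-policy ")

def extract_policy(config_text):
    """Return policy blocks in config order (top-level command + indented sub-commands)."""
    blocks, current = [], None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line[0] in "!:":       # separators and ': Saved' style header lines
            current = None
        elif line[0] == " ":                  # sub-command: belongs to the open block, if any
            if current is not None:
                current.append(line)
        else:                                 # new top-level command
            current = [line] if line.startswith(POLICY_PREFIXES) else None
            if current is not None:
                blocks.append(current)
    return ["\n".join(b) for b in blocks]

def policy_drift(primary_cfg, dr_cfg):
    """Compare only the policy blocks; hostname, interfaces and routes are ignored."""
    primary, dr = extract_policy(primary_cfg), extract_policy(dr_cfg)
    return {
        "missing_on_dr": [b for b in primary if b not in dr],
        "extra_on_dr": [b for b in dr if b not in primary],
        # ACL and NAT rules are order-sensitive, so identical sets in a different order still count
        "order_differs": sorted(primary) == sorted(dr) and primary != dr,
    }

PRIMARY = """\
hostname HQ-ASA
interface GigabitEthernet0/0
 nameif outside
!
object network WEB-SRV
 host 10.1.1.10
access-list OUTSIDE-IN extended permit tcp any object WEB-SRV eq 443
access-list OUTSIDE-IN extended deny ip any any log
access-group OUTSIDE-IN in interface outside
"""
# DR copy that has drifted: different hostname (expected) and a stale ACL port (not expected)
DR = PRIMARY.replace("HQ-ASA", "DR-ASA").replace("eq 443", "eq 80")

if __name__ == "__main__":
    for kind, items in policy_drift(PRIMARY, DR).items():
        print(kind, items)
```

Feed it the `show running-config` output saved from each unit; pushing the resulting changes to the DR firewall stays a separate, reviewed step.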