Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA-SSM-20 on active failover configuration

Can you synchronize the configuration data between two IPS systems?

I have two ASA-SSM-20 (6.1.1 E3) one in each of my ASA's. The ASA's are in active failover. When configuring on IPS module I always have to also make those same changes in the stand-by unit. Is there a way to sync these two IPS's up so when one is configured the other is updated?

Many thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ASA-SSM-20 on active failover configuration

Unlike the ASA there is not an automatic feature to keep the configuration in sync across the 2 SSMs.

Some options:

You can use the copy command to copy the configuration from one sensor to an ftp/scp server.

Then use the copy command on the second sensor to copy the configuration onto the second sensor. During the copy it will ask whether or not to change the sensor's IP to what is in the configuration file. You will need to tell it to NOT change the sensor's IP, otherwise you would wind up with 2 SSMs with the same IP and have trouble connecting to them.

Another option is to use CSM. CSM has configuration that applies to single sensors, but also has group configuration that can be applied across multiple sensors.

If you used the group configuration, then you could make a single change at the group configuration and apply it across all sensors in the group (you would place your 2 SSMs into the same group).

1 REPLY
Cisco Employee

Re: ASA-SSM-20 on active failover configuration

Unlike the ASA there is not an automatic feature to keep the configuration in sync across the 2 SSMs.

Some options:

You can use the copy command to copy the configuration from one sensor to an ftp/scp server.

Then use the copy command on the second sensor to copy the configuration onto the second sensor. During the copy it will ask whether or not to change the sensor's IP to what is in the configuration file. You will need to tell it to NOT change the sensor's IP, otherwise you would wind up with 2 SSMs with the same IP and have trouble connecting to them.

Another option is to use CSM. CSM has configuration that applies to single sensors, but also has group configuration that can be applied across multiple sensors.

If you used the group configuration, then you could make a single change at the group configuration and apply it across all sensors in the group (you would place your 2 SSMs into the same group).

730
Views
0
Helpful
1
Replies