Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA5520 OS upgrade problem

I have 2 5520's in active standby mode which I upgraded the OS's on from 7.0 >7.2. I upgraded the failover unit first and when it came back it told me it couldn't talk to peer. Which I assumed was normal until I upgraded the other 1. After upgrading the 2nd I was still getting these messages and I am not in failover mode amnymore. Is there any way to force synchronization or at the least see what is out of synch so I can do it manually?



Re: ASA5520 OS upgrade problem

What's the current config of both ASA looks like?

New Member

Re: ASA5520 OS upgrade problem

I compared the 2 configs pretty cloesly.

There are 3 SNMP-server commands on the "active" machine that aren't in the "Standby" Other than that the "cryptochecksum" at the end of the config is different on each, I assume that's normal. The config on the Normally active FW shows that in "Failover lan unit PRIMARY" and the other says "SECONDARY".

Now it may be important to ad that in order to do the upgrade on the Secondary FW I added incorrectly the "config-register 0x2" command and the "boot system flash:filename" command. The config-reg command caused me to boot to rommon as it was an incorrect command and I manually told it to boot to the image. Subsequent reloads then went correctly. On the Primary machine I just added the bootsystem command. The config-reg command is not part of the config any longer on the secondary.


Re: ASA5520 OS upgrade problem

Disconnect your failover and re-apply the failover config portion to each respective unit. Afterwards, power off your standby, plug everything back in, then power it back on.

Hope this helps.