I have an ASA5520 acting as the main firewall, and an ASA5510 acting as the backup firewall. If and when the 5520 goes down, I can turn it off and power up the 5510. (Failover is not set up since the 5510 does not support it.)
Aside from the obvious differences in interface names (e.g. on the 5520 it's called FastEthernet, but on the 5510 it's called Ethernet), can I simply take the config from the 5520, modify it so the 5510 will understand it (like replacing FastEthernet with Ethernet in the config), then TFTP the modified config to the 5510?
You will need to re-enter the clear text passwords, RADIUS keys, SSH keys, etc. You can open the 5520 config, put the passwords in the correct place and save the file. Then copy tftp and enter copy flash:/config-file running. This will add all the commands in the file to the running config. No matter what though, you will have to generate new SSH keys.
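An added example, not part of the original posts: a pre-flight script for the migration described in the reply above, which renames the interfaces and lists every line whose secret must be re-entered by hand before the file is copied to the 5510. It assumes secrets appear masked as `*****`, as they do in `show running-config` output; the function name `prepare_config` and the sample config are constructed for illustration.

```python
import re

# Constructed sample, not a real device config. Interface naming follows the post.
SAMPLE_CONFIG = """\
hostname fw-main
interface FastEthernet0/0
 nameif outside
 ip address 192.0.2.2 255.255.255.0
interface FastEthernet0/1
 nameif inside
 ip address 10.0.0.1 255.255.255.0
aaa-server RAD protocol radius
aaa-server RAD (inside) host 10.0.0.5
 key *****
tunnel-group 198.51.100.7 type ipsec-l2l
tunnel-group 198.51.100.7 ipsec-attributes
 pre-shared-key *****
ssh 10.0.0.0 255.255.255.0 inside
"""

# Assumption: a masked secret is a stand-alone run of asterisks.
MASKED = re.compile(r"(?<!\S)\*{3,}(?!\S)")


def prepare_config(config, renames):
    """Rename interface prefixes and collect lines that need a real secret.

    Returns (new_config, todo); todo holds (line_no, parent_command, line).
    """
    out, todo, parent = [], [], ""
    for line_no, line in enumerate(config.splitlines(), 1):
        for old, new in renames.items():
            # Match the prefix only when a port number follows it.
            line = re.sub(rf"\b{re.escape(old)}(?=\d)", new, line)
        if not line.startswith(" "):
            parent = line  # remember the command that owns indented lines
        if MASKED.search(line):
            todo.append((line_no, parent, line.strip()))
        out.append(line)
    # The RSA key pair used by SSH is not stored in the config text at all.
    todo.append((0, "device", "generate a new RSA key pair for SSH"))
    return "\n".join(out) + "\n", todo


if __name__ == "__main__":
    new_config, todo = prepare_config(SAMPLE_CONFIG, {"FastEthernet": "Ethernet"})
    for line_no, parent, item in todo:
        print(f"line {line_no:>3} [{parent}] -> {item}")
```

Loading a file that still contains `*****` would set that literal string as the key, so every entry in the list needs a real value before the copy.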
Yes, we have the Security Plus license installed on the 5510. However, our main ASA is a 5520. My understanding is that failover, regardless of A/A or A/S, only works on 2 identical pieces of hardware. Can I set up failover between my 5510 and 5520?