I would like to ask you about ASA in acitve/pasive failover mode and certificate. So, I have a problem with certificate which is in running-config on active ASA, but ceritficate in not on passive node. When I use wr mem or copy runnig-config startup-config nothing happen on passive node. What is wrong? Can you help me.
Certificates are copied over by default. Not sure what you're reporting here - I would need more details.
the reason your SVC commands aren't showing up is because the commands are replicated, however, the files they reference aren't in the flash on the secondary (package files are *not* replicated from one device to another), and like all commands, if you reference a file that doesn't exist, then the command gets removed.
I will then upload the PKG-Files and XML-Profiles to the secondary unit.
But it remains the certificate problem. When i make a "diff" between the config of the primary unit and the secondary unit, the certificate block (trustpoint, certificate and the complete chain) only shows up in the primary config. Theres nothing visible in the standby unit's running config.
And when doing a failover, the certificate is not on the standby unit. I've read a posting in this forum, that confirms you have to install the certificate on both units:
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :