https://community.cisco.com/t5/network-security/asa-5525x-active-actulive-issues/m-p/2054441#M398447 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>This is for the security ela license for 2000 firewalls, that enables the ips modules and other features.</P><P></P><P>We found two issues but worked through them, both involved the standby asa: first issue was with the ssh keys dissappearing, second was in the method your provided, when re-enabling failover the standby asa would recalculate its virtual mac address and not send a garp to update to the upstream router.</P><P></P><P>We ended up finding out that the activation key command is not replicated, so we activated the pair through the active asa, "activation-key", then "failover exec mate activation key" to update the standby. We ran a script and it worked on all the asas.</P><P></P><P>Sent from Cisco Technical Support Android App</P></BODY></HTML> Mon, 08 Oct 2012 18:49:48 GMT Tarik Admani 2012-10-08T18:49:48Z https://community.cisco.com/t5/network-security/asa-5525x-active-actulive-issues/m-p/2054439#M398445 <P>Hi</P><P></P><P>I am working on a mass licensing project where I have to upgrade activation keys on over 2000 asas in active active mode. When disabling failover on the active I have noticed 2 issues.</P><P></P><P>The first issue is that the "pseudo-standby" asa destroys its current contexts after I re-enable failover on the primary. This causes all the secondary contexts to recalculate their virtual macs which causes arp issues and with my luck the uplink is a bvi with the default arp timeout set to 4 hours.</P><P></P><P>The second issue is that all the rsa keys are destroyed when the xontexts are regenerated and I have to re issue the crypto key gen......</P><P></P><P>Are these two bugs and should the contexts be updated and not dropped and recreated?</P><P></P><P>Thanks,</P><P>Tarik Admani</P><P></P><P></P><P>Sent from Cisco Technical Support Android App</P> Tue, 12 Mar 2019 00:02:07 GMT https://community.cisco.com/t5/network-security/asa-5525x-active-actulive-issues/m-p/2054439#M398445 Tarik Admani 2019-03-12T00:02:07Z https://community.cisco.com/t5/network-security/asa-5525x-active-actulive-issues/m-p/2054440#M398446 <HTML><HEAD></HEAD><BODY><P>What license is this? Does it require reload or not?</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa81/license/license81.html#wp51459">http://www.cisco.com/en/US/docs/security/asa/asa81/license/license81.html#wp51459</A></P><P></P><P>Pls. check if this procedure will work for you.</P><P></P><P>-Kureli</P></BODY></HTML> Mon, 08 Oct 2012 18:35:29 GMT https://community.cisco.com/t5/network-security/asa-5525x-active-actulive-issues/m-p/2054440#M398446 Kureli Sankar 2012-10-08T18:35:29Z https://community.cisco.com/t5/network-security/asa-5525x-active-actulive-issues/m-p/2054441#M398447 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>This is for the security ela license for 2000 firewalls, that enables the ips modules and other features.</P><P></P><P>We found two issues but worked through them, both involved the standby asa: first issue was with the ssh keys dissappearing, second was in the method your provided, when re-enabling failover the standby asa would recalculate its virtual mac address and not send a garp to update to the upstream router.</P><P></P><P>We ended up finding out that the activation key command is not replicated, so we activated the pair through the active asa, "activation-key", then "failover exec mate activation key" to update the standby. We ran a script and it worked on all the asas.</P><P></P><P>Sent from Cisco Technical Support Android App</P></BODY></HTML> Mon, 08 Oct 2012 18:49:48 GMT https://community.cisco.com/t5/network-security/asa-5525x-active-actulive-issues/m-p/2054441#M398447 Tarik Admani 2012-10-08T18:49:48Z