https://community.cisco.com/t5/network-security/failover-questions/m-p/2064685#M399586 <HTML><HEAD></HEAD><BODY><P>Thanks Varun!</P></BODY></HTML> Mon, 10 Sep 2012 14:48:41 GMT CSCO11733516 2012-09-10T14:48:41Z https://community.cisco.com/t5/network-security/failover-questions/m-p/2064683#M399584 <P>Hey guys,</P><P></P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp; Just doing some studying and running into something that I am not quiete understanding...</P><P></P><OL><LI>If i have 2 firewall's in Active/Active Stateful failover mode and 2 contexts (E1 and E2).&nbsp; Let's say ASA1 has E1 as the active context and ASA2 has E2 as the active context.&nbsp; E2 is the only context used to connect Router_X.&nbsp; If I need to permit traffic to Router_X, would I make the ACL in the ASA1 E2 context (secondary) or in the ASA2 E2 context (primary)?<BR /><BR /></LI><LI>I completed an Active\Active Statuful failover configuration between 2 firewalls, but once I was finished I remembered that i didn't configure the failover group 2 as secondary (problem).&nbsp; So i went ahead and make the configuration change, once I did so I entered the commands NO FAILOVER/FAILOVER to "resynch" the configurations between the 2 firewalls.&nbsp; Is this necessary or couldn't I just perform a WRITE on the primary ASA?<BR /><BR /></LI><LI>Is there any command that will verify that each of the configurations on both firewalls are syncrhonized?</LI></OL><P></P><P></P><P>Thanks ahead of time guys!</P> Mon, 11 Mar 2019 23:51:53 GMT https://community.cisco.com/t5/network-security/failover-questions/m-p/2064683#M399584 CSCO11733516 2019-03-11T23:51:53Z https://community.cisco.com/t5/network-security/failover-questions/m-p/2064684#M399585 <HTML><HEAD></HEAD><BODY><P>Hi Kenneth,</P><P></P><P>Here are your answers:</P><P></P><P>1. If you need to make changes, always do that on the active context, replication is always done from active to standby, so you need to make changes on E2 active context on ASA2.</P><P></P><P>2. You need not do this everytime, just do a write mem or write standby, that would save teh configuration on the standby context as well.</P><P></P><P>3. There is no command to verify the command replication, you can check the status of the contexts through "show failover" in the system context, if they show active and standby, then everything is fine. You can study different failovers status's from here:</P><P></P><P><A class="active_link" href="http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s3_72.html#wp1285409">http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s3_72.html#wp1285409</A></P><P></P><P>Hope that helps</P><P></P><P>Thanks, </P><P>Varun Rao <BR />Security Team, <BR />Cisco TAC</P></BODY></HTML> Mon, 10 Sep 2012 03:24:44 GMT https://community.cisco.com/t5/network-security/failover-questions/m-p/2064684#M399585 varrao 2012-09-10T03:24:44Z https://community.cisco.com/t5/network-security/failover-questions/m-p/2064685#M399586 <HTML><HEAD></HEAD><BODY><P>Thanks Varun!</P></BODY></HTML> Mon, 10 Sep 2012 14:48:41 GMT https://community.cisco.com/t5/network-security/failover-questions/m-p/2064685#M399586 CSCO11733516 2012-09-10T14:48:41Z