Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
351
Views
0
Helpful
1
Replies

ASA Active/Standby failover pair.

jasonb77
Level 1
Level 1

‎04-14-2011 09:31 AM - edited ‎03-11-2019 01:21 PM

Hi All,

I currently have two 5540's in an Active/Standby pair. The primary unit failed on February 12th, so the secondary ASA is now the active one. My question is this - we have made a lot of changes since February 12th and I am planning on fixing this failover issue over the weekend. Will the secondary (now active) FW sync it's config to the non-active FW, or will the failed FW sync it's out-of-date config - removing any changes that we've made in the last month or so.

Any thoughts?

Thank you.

Labels:
0 Helpful
1 Reply 1

barry
Level 7
Level 7

‎04-14-2011 09:47 AM

Hi Jason

You should be fine. The Active ASA should always perform the synch to the standaby ASA (your old primary unit). I've done this on numerous occasions and never had an issue with it. However just to be certain I would also back up your running config as well. If you want to ensure that you get VPN preshared keys do a "write net" to an external TFTP Server.

Hope this helps.

Barry

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card