Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
848
Views
5
Helpful
2
Replies

ASA Firewall

Go to solution
SathishkumarSaravanan0348
Level 1
Level 1

‎09-19-2019 08:57 PM

Hi Experts,

 

I have couple of doubt. I am planning to do IOS upgrade in ASA firewall. 

 

1. In the device primary is showing as Active and secondary as failed. In this case can I upgrade the IOS in secondary device?

2. Normally when I perform IOS upgrade in asa(primary-active, secondary-standyby), i will just write the boot in active as it reflect in standby. Then in standby I will reload and make as failover active. Then in Active I reload and come to standby and make as no failover active. My question is if the device as primary as standby and secondary as active, then in which device I need to write the config and perform the same ?

 

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jj27
Spotlight
Spotlight

‎09-19-2019 09:03 PM - edited ‎09-19-2019 09:05 PM

  1. If the secondary ASA is failed, it is likely offline. You will need to reboot or resolve the issue preventing it from communicating with the primary ASA.  When it is back online as standby,  you can perform the steps you illustrated in step 2 of your post.
  2. You perform the config save on whichever firewall is the active firewall. Transfer the ASA software to both devices, then reload the standby firewall.  When it comes back, fail over to it and reboot the now secondary ASA.

Helpful link for the upgrade process: https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/asa-appliance-asav.html#concept_F0701C3A86854801958757CEF1E4D999

 

View solution in original post

2 Replies 2

Go to solution
jj27
Spotlight
Spotlight

‎09-19-2019 09:03 PM - edited ‎09-19-2019 09:05 PM

  1. If the secondary ASA is failed, it is likely offline. You will need to reboot or resolve the issue preventing it from communicating with the primary ASA.  When it is back online as standby,  you can perform the steps you illustrated in step 2 of your post.
  2. You perform the config save on whichever firewall is the active firewall. Transfer the ASA software to both devices, then reload the standby firewall.  When it comes back, fail over to it and reboot the now secondary ASA.

Helpful link for the upgrade process: https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/asa-appliance-asav.html#concept_F0701C3A86854801958757CEF1E4D999

 

Go to solution
SathishkumarSaravanan0348
Level 1
Level 1

‎09-24-2019 01:25 AM

Thanks for the solution.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card