cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


9447
Views
35
Helpful
10
Replies
Beginner

make secondary ASA the new Primary and active asa

We have two cisco asa 5510's in a failover setup.

I'd like to take the secondary/failover and make it the primary/active and do this for good..not just for testing. And of course make the other the new secondary/failover.

What would be the best way of doing this? What config do I need to change?

To sum it up, Id like to swap the units from primary to secondary and vice versa.

Everyone's tags (2)
10 REPLIES 10
VIP Advocate

Just issue the command "no

Just issue the command "no failover active" on the primary ASA.  The secondary unit will now be the primary/active unit and will remain that way until another failover situation occurs.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to rate and select a correct answer
Engager

hi,marius is correct.you

hi,

marius is correct.

you could alternatively do this via ASDM.

click on Make Standby button.

see screenshot attached.

Highlighted

Re: hi,marius is correct.you

Primary will be always primary and secondary will be always secondary.., only you can change the Active and standby mode. after putting "failover active" on standby unit, it will become Secondary/Active and other will be primary/Standby.

 

Regards,

Saurabh 

Re: hi,marius is correct.you

Thank you Marius. It was a pretty easy fix.

Hall of Fame Guru

Re: make secondary ASA the new Primary and active asa

Is you want to change the role and not just the state, you will need to make the failover unit Secondary-Active as others have described. Then take the Primary-Standby offline. Modify the Secondary-Active configuration to designate it as Primary and the (offline) Primary unit to make it Secondary. Then bring the former Primary (newly designated Secondary) back online.

 

The bigger question is why go the the trouble? The designation is purely cosmetic in 99% of the use cases.

Beginner

Re: make secondary ASA the new Primary and active asa

Can you elaborate all the steps that you have describe?
Hall of Fame Guru

Re: make secondary ASA the new Primary and active asa

I suggest you start a new thread and describe what you're trying to accomplish.

Beginner

Re: make secondary ASA the new Primary and active asa

Sorry, old post, but just wanted to thank Marvin and post another follow-up question to his response.

I believe you're correct, and that Marius was missing those last steps(as his would only change from active/standby, and not the primary/secondary). However, you mentioned it was mostly cosmetic. So, are you saying I can make changes to the config on my secondary, and it will push those changes out to the primary as well? All changes don't have to go through the primary to propagate to the secondary?
Hall of Fame Guru

Re: make secondary ASA the new Primary and active asa

Propagation of configuration changes is always from Active to Standby.

 

Whether a unit is Primary or Secondary has nothing to do with that bit - it's strictly a convention to distinguish one appliance from the other.

Beginner

Re: make secondary ASA the new Primary and active asa

I have a similar scenario.  The Secondary is Active.  The Primary is offline and out of sync with the Secondary.  I want to make change my Secondary to Primary, wipe my old Primary and make it Secondary.  The process appears easy.

 

My question is when I change my current Secondary/Active to Primary/Active via:

 

failover lan unit primary

 

will this cause any downtime?

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here