Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1219
Views
0
Helpful
2
Replies

Splitting up a failover ASA pair

Go to solution
Cody Lo
Level 1
Level 1

‎11-12-2012 06:41 PM - edited ‎03-11-2019 05:22 PM

Hi!

I have a pair of ASA5510 currently running as a failover pair. For some reason we need to move one of the firewall to another site, is there any best practice on splitting up the failover pair then I can re-configure the secondary unit offline?

I'm thinking to power down the secondary unit, unplug it from the network totally then erase the configuration on the secondary unit on console so I can re-configure it. For the primary unit, I will disable the faiolver config by "no failover" on the primary unit. Is that necessarily all thing for splitting up the failover cluster?

Attach is the show version for reference, thanks!

#### show ver ####

Cisco Adaptive Security Appliance Software Version 8.0(3)

Device Manager Version 6.0(3)

Compiled on Tue 06-Nov-07 22:59 by builders

System image file is "disk0:/asa803-k8.bin"

Config file at boot was "startup-config"

firewall up 154 days 12 hours

failover cluster up 154 days 12 hours

Hardware:   ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz

Internal ATA Compact Flash, 256MB

BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

                             Boot microcode   : CN1000-MC-BOOT-2.00

                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01

                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04

0: Ext: Ethernet0/0         : address is 001f.9e1e.5be1, irq 9

1: Ext: Ethernet0/1         : address is 001f.9e1e.5be2, irq 9

2: Ext: Ethernet0/2         : address is 001f.9e1e.5be3, irq 9

3: Ext: Ethernet0/3         : address is 001f.9e1e.5be4, irq 9

4: Ext: Management0/0       : address is 001f.9e1e.5be5, irq 11

5: Int: Internal-Data0/0    : address is 0000.0001.0002, irq 11

6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5

Licensed features for this platform:

Maximum Physical Interfaces  : Unlimited

Maximum VLANs                : 100

Inside Hosts                 : Unlimited

Failover                     : Active/Active

VPN-DES                      : Enabled

VPN-3DES-AES                 : Enabled

Security Contexts            : 2

GTP/GPRS                     : Disabled

VPN Peers                    : 250

WebVPN Peers                 : 2

AnyConnect for Mobile        : Disabled

AnyConnect for Linksys phone : Disabled

Advanced Endpoint Assessment : Disabled

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎11-12-2012 06:53 PM

Yes.

Please refer to this recent thread:

https://supportforums.cisco.com/thread/2145958?tstart=0

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎11-12-2012 06:53 PM

Yes.

Please refer to this recent thread:

https://supportforums.cisco.com/thread/2145958?tstart=0

0 Helpful

Go to solution
Cody Lo
Level 1
Level 1
In response to Marvin Rhoads

‎11-12-2012 06:59 PM

Alright, thanks for the tip

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card