What's the best way to swap the interface configuration
Hi - I have a redundant pair of 5520s and I need to swap the interface configuration on them;
We have a DMZ connected to the Management interface and the failover link runs over one of the gig interfaces. I'm trying to work out the best way to swap the interface config for these whilst minimizing downtime.
Re: What's the best way to swap the interface configuration
Personally I haven't had to do this kind of change. When interfaces have changed it has almost always been a larger change where some downtime was to be expected.
You could maybe do it like this:
- Remove the secondary unit from the network and remove the Failover configurations (I think you can leave the standby IP configurations intact, but not 100% sure)
- Change the DMZ configurations and physical connections to the new port. You will also need to issue all the "nameif" related commands again (like NAT commands and attaching ACL to an interface and so on).
- Configure the new Failover link
- Perhaps even clear the configurations on the former secondary unit and configure it with just the failover configurations and let it copy the settings from the primary/active unit when it's (secondary ASA) connected to the network.
Of course you'd better back up the original situation/configuration and also gather all the configurations related to the DMZ interface's "nameif", since you will lose all those when moving the interface configurations (you can't change the nameif to another interface/subinterface without losing the related configurations, as the ASA won't let you name another interface with the same "nameif" if one already exists).
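The last point of the reply, collecting everything tied to the DMZ "nameif" before moving it, as an added example that is not part of the original thread: a Python script that reads a saved running-config and lists the interface block, the global lines that reference the nameif, and the ACL bound to it. The sample config, addresses, ACL names and the function name `nameif_dependencies` are constructed for illustration.

```python
import re

# Constructed sample of a saved ASA running-config (not from the thread).
SAMPLE_CONFIG = """\
interface Management0/0
 nameif dmz
 security-level 50
 ip address 192.0.2.1 255.255.255.0 standby 192.0.2.2
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.1 255.255.255.0 standby 198.51.100.2
!
access-list DMZ_IN extended permit tcp any host 192.0.2.10 eq www
access-list OUTSIDE_IN extended permit icmp any any
mtu dmz 1500
mtu outside 1500
monitor-interface dmz
nat (dmz,outside) source dynamic any interface
access-group DMZ_IN in interface dmz
access-group OUTSIDE_IN in interface outside
"""

def nameif_dependencies(config, nameif):
    """Return (interface_block, dependent_lines, bound_acl_lines) for a nameif."""
    # Match the nameif as a whole token: "mtu dmz", "(dmz,outside)", "interface dmz".
    token = re.compile(r"(?<![\w-])" + re.escape(nameif) + r"(?![\w-])")
    block, current, dependents, acls = [], None, [], []
    for line in config.splitlines():
        if line.startswith("interface "):
            current = [line]                 # start of a new interface block
        elif line.startswith(" ") and current is not None:
            current.append(line)             # indented sub-command of that block
            if line.split() == ["nameif", nameif]:
                block = current              # same list, keeps collecting the block
        else:
            current = None                   # back at global configuration level
            if token.search(line):
                dependents.append(line)      # will be lost when the nameif is removed
                bound = re.match(r"access-group (\S+) ", line)
                if bound:
                    acls.append(bound.group(1))
    # The ACL entries survive the change, but their access-group binding does not.
    acl_lines = [l for l in config.splitlines()
                 if l.startswith("access-list ") and l.split()[1] in acls]
    return block, dependents, acl_lines

if __name__ == "__main__":
    for section in nameif_dependencies(SAMPLE_CONFIG, "dmz"):
        print("\n".join(section), end="\n\n")
```

Run it against the backup taken before the change and keep the output next to the change plan, so the dependent commands can be re-entered once the nameif is on the new interface.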