08-09-2018 07:08 AM - edited 02-21-2020 08:05 AM
Tried this in the firewall section but no one knew the answer. Figured I'd ask here next.
I have two 5520's. One in production with an IPS SSM-10 installed, and one in storage. All parameters are identical except I don't have an SSM-10 for the storage 5520.
Can I still HA pair that storage 5520 to the production 5520 if I don't have an IPS module in the standby unit but I do have one in the active unit or will it not work? The IPS's have to be configured manually - meaning that replication to mate does not take care of the IPS so I would think no, but not sure.
Solved! Go to Solution.
08-09-2018 07:54 AM
Both devices have to be identically. WIth the SSM-10 being EOL and without any signature-updates, I would remove the module from the first ASA and operate both without.
But remember that the ASA 5520 is also EOL and should be replaced soon.
08-09-2018 07:54 AM
Both devices have to be identically. WIth the SSM-10 being EOL and without any signature-updates, I would remove the module from the first ASA and operate both without.
But remember that the ASA 5520 is also EOL and should be replaced soon.
08-09-2018 08:08 AM
Thanks Karsten. So just to confirm: It's either both with IPS or both without right?
Cannot run one with and one without in HA pair even though config sync doesn't replicate between them like running-conf of the ASA itself does right?
08-09-2018 08:15 AM
08-09-2018 08:30 AM
Thank you Sir.
A follow up question:
My storage 5520 has no config on it or on the IPS. When I console into the 5520 and do "session 1" it says the module in slot 1 did not respond and it's state is "unresponsive."
Do I need to do something before I can session to it with a blank config, connected via console connection or should that work?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: