Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
228
Views
0
Helpful
8
Replies

Factory Reset HA pair of Cisco ASAs

irbk
Level 1
Level 1

‎01-09-2025 10:26 AM

I've got a pair of hosted Cisco ASA 5525's in an HA pair that are being replaced.  It's a bit of a weird situation because the hosting company owns the devices but they don't manage the devices.  Because they don't manage the devices, they won't perform a wipe on the devices.  The responsibility is on me to wipe the devices, but I have to do it remotely.  I know I could run a "configure factory-default" From the CLI or probably even do the "Reset Device To the Factory Default Configuration" from the ASDM.  My question comes with the HA part.  If I run this on one of the devices, will the other device also run the factory reset?  Or will the factory reset only reset whatever device I just ran the reset on and then I'd have to run it a 2nd time on the 2nd device?

TIA! 

Labels:
0 Helpful
8 Replies 8

Flavio Miranda
VIP
VIP

‎01-09-2025 12:54 PM

@irbk 

 I would log into the standby and run the command "write erase" and reload. You will lost access to the standby. Then, log on the active one and repeat the process.

0 Helpful

irbk
Level 1
Level 1
In response to Flavio Miranda

‎01-09-2025 12:57 PM

Which would be a reasonable approach, but I actually only have access to 1 of the devices now.  Just sort of a single patch into the primary device.  Hosting company would probably charge me to move the cable to the secondary device too.  So stupid that they won't wipe devices they own.

0 Helpful

Flavio Miranda
VIP
VIP
In response to irbk

‎01-09-2025 01:03 PM

@irbk 

From active "failover exec standby  write erase" , "failover exec standby reload"

0 Helpful

irbk
Level 1
Level 1
In response to Flavio Miranda

‎01-09-2025 01:40 PM

Appreciate the attempted assist but I get a [FAILED] error when I try that.

ASA-Primary# failover exec standby write erase
Erase configuration in flash memory? [confirm]
[FAILED]

0 Helpful

Flavio Miranda
VIP
VIP
In response to irbk

‎01-09-2025 02:25 PM

shame on you ASA! LOL  but it could be due the criticity of the command.  I actually never did it before. 

0 Helpful

irbk
Level 1
Level 1
In response to Flavio Miranda

‎01-10-2025 05:50 AM

Yeah, I think I'm just going to have to pay them to move the cable to the secondary and wipe them separately.

0 Helpful

Flavio Miranda
VIP
VIP
In response to irbk

‎01-10-2025 06:25 AM

Sounds like a plan.

0 Helpful

MHM Cisco World
VIP
VIP

‎01-14-2025 10:20 PM

The following commands are replicated to the standby ASA:

  • All configuration commands except for mode, firewall , and failover lan unit

  • copy running-config startup-config

  • delete

  • mkdir

  • rename

  • rmdir

  • write memory

The following commands are not replicated to the standby ASA:

  • All forms of the copy command except for copy running-config startup-config

  • All forms of the write command except for write memory

  • debug

  • failover lan unit

  • firewall

  • show

  • terminal pager and pager

So factory is replication from active to standby 

MHM

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card