We're currently running Active/Active on our ASA 5525 pair (it's been this way since I took over our network) with multiple context mode. My plan is to revert back to single context mode and switch to Active/Standby, but I'm not exactly sure what this process will entail.
As things stand right now we've got:
Context 1 (This has the config I'd ultimately like to use in single context mode)
I know I'll need to issue a mode single command, but what exactly happens to the above contexts when I do this? We're a 24/7 operation so I want to get a sense of what I'll be dealing with when I ultimately make this change.
basically the separate configs are merged to a single one.
but why this action?
may it be an option to just move all contexts to the same failover group?
pieterh - Thanks for the response. There are a few reasons for moving back to single-context for us:
1. It's a standard organizationally unless dictated otherwise for some specific reason.
2. There are (at least from what I've been told) some issues with newer versions of FireSIGHT when you're in an Active/Active setup.
3. IP SLA isn't available in multi-context mode and I'd like to get this configured in conjunction with policy based routing on the firewall.
So if the separate configs are merged, would I simply need to delete Context 2 prior to going to single mode?
I don't think it matters, but yes a simple configuration will make a simple migration
what Iwould do is
- break the failover pair (redundancy loss but not loss of service )
and disconnect (what was) the secondary
- test the migration on the secondary (offline)
then if the resulting config looks good
- migrate the primary (maintenance window because of reload)
- re-establish the failover pair
other posts also suggest a similar process even without breaking failover, but just disconnect the secondary.