Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1733
Views
0
Helpful
2
Replies

Adding failed Primary ASA to HA

Go to solution
mahesh18
Level 6
Level 6

‎04-19-2019 02:35 PM

We have ASA in Primary - Active

                         Sec-  Standby

 

After Failover the Sec is Active now and Primary has died due to hardware failure.

 

Now I need to add new ASA  as Primary standby.

New ASA has no config yet just default.

 

Need to confirm few things

 

Config on new ASA

1>Write erase and reload

2>Int gi1/1 ----------------This is failover int

no shutdown

 

2> I can add below config on new ASA

 

failover lan unit primary

failover lan interface Statefull GigabitEthernet1/1

failover link Statefull GigabitEthernet1/1

failover interface ip Statefull x.x.x.x  255.255.255.224 standby x.x.x.x

failover

 

3>Wr mem

copy runn config to startup

 

4>Rack Mount the new Primary ASA

5>Power it on

 

6>Connect the console cable and failover cable only for now

 

7>Wait for below messages

 

Detected an Active mate

Beginning configuration replication from mate.

End configuration replication from mate.

 

8>After this I can add all the Data Interfaces and everything should be fine right?

 

Did I miss something?

 

For now I will leave Primary as standby.

Also we are not using any virtual mac address failover will this cause any  layer 2 issues?

Do I need to reboot the Sec ASA which is Active now during this process or if any issue occurs?

 

Regards

MAhesh

 

 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎04-19-2019 03:27 PM - edited ‎04-19-2019 03:28 PM

That sounds fine to me.  I would also take a backup of the conifg off the current active unit to, "just in case".  Also you need to make sure the new unit is running the same software version as the current unit.

 

I typically copy the whole config off the standby to the primary and then just update the line "failover lan unit primary" and then plug them in.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎04-19-2019 03:27 PM - edited ‎04-19-2019 03:28 PM

That sounds fine to me.  I would also take a backup of the conifg off the current active unit to, "just in case".  Also you need to make sure the new unit is running the same software version as the current unit.

 

I typically copy the whole config off the standby to the primary and then just update the line "failover lan unit primary" and then plug them in.

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Philip D'Ath

‎04-22-2019 04:40 PM

I heard that when you add primary ASA as standby then current Sec active ASA uses new primary ASA for layer 2 communication.

 

How can i fix this ?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card