Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1638
Views
0
Helpful
7
Replies

ASA 5520 - Active/Standby - Reverse Primary/Secondary

Go to solution
Damien Duchenne
Level 1
Level 1

‎09-18-2014 02:49 AM - edited ‎03-11-2019 09:46 PM

Hi all,

 

I didn't find an answer to my question in this forum, even if some persons have spoken about this subject.

I am running with a current Active/Standby configuration of two ASA 5520 with version 8.2(5).

I want to reverse their configuration as this:

  • The current Primary one should become the Secondary one
  • The current Secondary one should become the Primary one

 

I want a final configuration, so the command "failover active" on the Secondary unit will only activate the failover, but the Primary/Secondary configuration will remain the same, so it's not the aim.

 

Is someone has a procedure to proceed?

 

Thank you very much for your help.

 

Best regards,

Damien

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marius Gunnerud
VIP
VIP
In response to Damien Duchenne

‎09-18-2014 03:52 AM

Issuing the command failover active on the standby unit will do what you want.  It is done often if someone wants to perform some maintenance on the ASA that is currently the active ASA.

once you do this the standby unit will remain the primary until either a failover situation occurs or you perform another manual failover.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Marius Gunnerud
VIP
VIP

‎09-18-2014 03:39 AM

I want a final configuration, so the command "failover active" on the Secondary unit will only activate the failover, but the Primary/Secondary configuration will remain the same, so it's not the aim.

I am not entirely sure I understand what you want to accomplish here.  Do you want to be able to do a failover, but the IP addresses on the interfaces remain the same?  Such as active ip is x.x.x.x and standby ip is y.y.y.y, then initiate a failover and the active ip is now y.y.y.y and standby is x.x.x.x?

if this is the case, this is not possible.

If this is not what you are trying to do, then please explain in more detail what it is you want to happen.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
Damien Duchenne
Level 1
Level 1
In response to Marius Gunnerud

‎09-18-2014 03:47 AM

Hi,

 

Thank you for your reply.

In fact, to make it simple, I want to reverse the current Active/Standby cluster. I know that the command "failover active" will force the failover, but I assume it's not a good situation ?

 

If ASA 1 is the current active firewall and ASA 2 the current standby one. I want to make ASA 2 the Active one (Primary) and ASA 1 the Standby one (Secondary).

Therefore, I need to change the command "failover lan unit primary" on ASA 1 by "failover lan unit secondary" and the opposite for ASA 2 (from "failover lan unit secondary" to "failover lan unit primary"). I don't know how to proceed...

 

I hope you understand my need.

 

Thank you again.

 

Best regards,

Damien

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to Damien Duchenne

‎09-18-2014 03:52 AM

Issuing the command failover active on the standby unit will do what you want.  It is done often if someone wants to perform some maintenance on the ASA that is currently the active ASA.

once you do this the standby unit will remain the primary until either a failover situation occurs or you perform another manual failover.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to Marius Gunnerud

‎09-18-2014 03:53 AM

Also, keep in mind that once the failover pair are up and running and the configuration is synchronized, both ASAs will have the exact same configuration.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
Damien Duchenne
Level 1
Level 1
In response to Marius Gunnerud

‎09-18-2014 04:05 AM

Great, thank you very much ! I'll proceed with the failover active so.

Therefore, there is no way to change the command "failover lan unit primary/secondary" to have a proper configuration ?

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to Damien Duchenne

‎09-18-2014 04:20 AM

If you really must change them, you will need to break the failover by using the command no failover (make sure to make a backup of the commands first) and then re-add the commands after you have made the appropriate changes to both units.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
Damien Duchenne
Level 1
Level 1
In response to Marius Gunnerud

‎09-18-2014 05:16 AM

Thank you very much for your help !

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card