05-21-2012 11:06 AM - edited 03-11-2019 04:09 PM
I have 2 ASA 5540's that I want to run in HA A/F. The active ASA has an IPS module running. I no longer need this and would rather remove it than purchase another module for the spare. What is the process to do this safely? After removal will the HA wizard recognize that the module was removed or do I have to update the software? Thanks in advance for the advice...
05-22-2012 04:27 AM
Not sure how the failover is on if you only have IPS module on the Active device.
For failover to work, it needs to have exactly the same hardware including the SSM card as per the following document:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ha_overview.html#wp1130001
But if you would like to remove the IPS module from the active unit, there is nothing that needs to be done (no software update is required), and just check that the failover is running by issuing: show failover
05-22-2012 06:52 AM
Sorry about that. That was a typo. I meant Active/Standby. I don't have the standby ASA configured yet. I couldn't get past the wizard saying I had a Hardware mismatch. I just wanted to know if anyone out here in intertube land has encountered any issues pulling the IPS module from the ASA or is it as easy as shutting it off, pulling the card, and turning it back on.
05-22-2012 07:34 AM
Yup, it is just as easy as shutting it off, pulling the card and turning it back on. You are absolutely correct.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide