Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
929
Views
0
Helpful
3
Replies

ASA Active/Standby Running comparison

Go to solution
uber_cookie
Level 1
Level 1

‎02-22-2011 11:51 PM - edited ‎03-11-2019 12:54 PM

Just want to check, is there a command that will compare configuration of Active and Standby unit or at least indicate out of sync configuration. For some reason I think there was or is...

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
csaxena
Cisco Employee
Cisco Employee

‎02-23-2011 12:26 AM

Hello,

If you feel that there is a config mismatch, please issue the command write standby on active device.

If you enter the write standby command on  the active unit, the standby unit clears its running configuration  (except for the failover commands used to communicate with the active  unit), and the active unit sends its entire configuration to the standby  unit.

Also, save the configs from both firewall in .doc file and use MS word compare utility.

Hope this helps. Please reply if you need further assistance.

Regards,

Chirag

P.S.: Please mark this thread as answered if you feel your query is answered. Do.rate helpful posts.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
csaxena
Cisco Employee
Cisco Employee

‎02-23-2011 12:26 AM

Hello,

If you feel that there is a config mismatch, please issue the command write standby on active device.

If you enter the write standby command on  the active unit, the standby unit clears its running configuration  (except for the failover commands used to communicate with the active  unit), and the active unit sends its entire configuration to the standby  unit.

Also, save the configs from both firewall in .doc file and use MS word compare utility.

Hope this helps. Please reply if you need further assistance.

Regards,

Chirag

P.S.: Please mark this thread as answered if you feel your query is answered. Do.rate helpful posts.

0 Helpful

Go to solution
uber_cookie
Level 1
Level 1
In response to csaxena

‎02-23-2011 12:40 AM

I am aware of these commands my issue would be if someone has made changes to the standby and primary and did not save the configuration across using wr active or wr stanby.

Simply put,

Active

access-list inside_in extended permit tcp host 10.0.0.0 host 10.0.0.0 eq http

access-list inside_in extended permit tcp host 1.0.0.0 host 1.0.0.0 eq http

access-list inside_in extended permit host 5.0.0.0 host 5.0.0.0 eq http

Standby

access-list inside_in extended permit tcp host 10.0.0.0 host 10.0.0.0 eq http

access-list inside_in extended permit tcp host 7.0.0.0 host 7.0.0.0 eq http

access-list inside_in extended permit ip object-group A-SERVERS object-group MORE-SERVERS eq PORTS

This is minor expample but when multiplied by 10 or more makes it dificult to troubleshoot

PS

As for comparing offloaded configs to a file I have always relied on Notepad++ compare extension

0 Helpful

Go to solution
csaxena
Cisco Employee
Cisco Employee
In response to csaxena

‎02-23-2011 12:41 AM

If the commands are entered on primary firewall which is in standby, then that will neve be replicated to active device and not be part of running coniguration. I doubt if we have any such command to

  • copy from standby to active
  • compare 2 configs


Packet capture ASA/PIX - FWSM

Hope this helps. Please reply if you need further assistance.

Regards,

Chirag

P.S.: Please mark this thread as answered if you feel your query is answered. Do.rate helpful posts.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card