Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1599
Views
0
Helpful
4
Replies

ASA failover mode change from active/active to active/standby

anva12345
Level 1
Level 1

‎01-30-2013 04:43 AM - edited ‎03-11-2019 05:54 PM

Hi All

   we have two fireawalls configured in active/active mode with two context.All the interface of two contexts are shared.How can i change the mode of failover from active/active to active/standby with minimum disruption

Thanks in advance

Labels:
0 Helpful
4 Replies 4

Andrew Phirsov
Level 7
Level 7

‎01-30-2013 05:26 AM

I think you just have to delete join-failover-group command under your individual contexts. When it's done, all contexts will belong to the same failover group and only one appliance will be active.

Plus delete everything, related to your second failover group from the admin context, i.e. do no failover-group 2.

0 Helpful

anva12345
Level 1
Level 1
In response to Andrew Phirsov

‎01-30-2013 08:40 AM

Thank you Andrew for the response.

In our case,we have two context named A1 and A2.A1 is active on ASA-1 and A2 is active on ASA-2.What we require is to transfer all traffic for A2 to A1(this can be done by changing the routing on upper and down layer) and delete A2.After that change the mode from multiple to single and make the two firewalls in active/standby failover.Is this possible without any disruption.When we change mode from multiple to single,ip address configured for context interfaces will be migrated to orginal physical interface?

0 Helpful

Andrew Phirsov
Level 7
Level 7
In response to anva12345

‎01-30-2013 09:25 PM

When you change from multiple to single, your config will be lost, nothing will be migrated.

0 Helpful

Rudy Sanjoko
Level 4
Level 4
In response to anva12345

‎01-31-2013 01:39 AM

Here is my idea, I would make both contexts active in one of the ASA, this way, the traffic will flow to one ASA only and you can play around with the other ASA (change it to single, delete the context, port over the config from multi to single, etc.). Once the second ASA is ready to deploy, you transfer the traffic (A2 to A1) on first ASA, delete the A2 context, then transfer the whole traffic to the second ASA, after that you can start convert the first ASA to single, make it as secondary or primary, etc. (make sure that one ASA is able to handle traffic from both contexts).

Looking above scenario, you should have minimum disruption. Please keep in mind that above is only for Active/Standby single mode ASAs scenario, not for Active/Standby on multiple mode ASAs scenario.

HTH

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card