05-22-2014 02:29 AM - edited 03-11-2019 09:13 PM
Greetings,
Would like to do few clarification on ASA active/standby failover, involving CSC SSM module.
Current status there is production firewall running in ASA8.3.1, along with CSC module 6.3
Purchase another identical unit of firewall, so these will do in Active/Standby failover mode.
question 1
The new purchase ASA unit CSC module license was not acitviate and installed yet (customer misplace the PAK paper license). my question is it possible to set up the failover in the condition of one CSC SSM in operation mode, whilst another CSC status down because no license install on it?
question 2
New firewall will the standby unit, beside configure on the failover, do we need to load AnyConnect image to the new firewall as well?
question 3
Can i just update the ASA version of the production firewall from 8.3.1 to 8.4.2? Would this cause any syntax error?
Thanks
Noelle
Solved! Go to Solution.
05-22-2014 04:09 AM
1. As long as the hardware is exactly the same you should be able to HA pair them however I'd strong suggest licensing both CSC modules.
2. Yes, you need to have the same versions of the AnyConnect image on both units since the version is listed in the running config under the webvpn section.
3. Going from 8.3.1 to 8.4.2 will be fine, the syntax is similar.
05-22-2014 04:09 AM
1. As long as the hardware is exactly the same you should be able to HA pair them however I'd strong suggest licensing both CSC modules.
2. Yes, you need to have the same versions of the AnyConnect image on both units since the version is listed in the running config under the webvpn section.
3. Going from 8.3.1 to 8.4.2 will be fine, the syntax is similar.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide