Solved: 1. As long as the hardware is

yong khang NG · ‎05-22-2014

Greetings,

Would like to do few clarification on ASA active/standby failover, involving CSC SSM module.

Current status there is production firewall running in ASA8.3.1, along with CSC module 6.3

Purchase another identical unit of firewall, so these will do in Active/Standby failover mode.

question 1
The new purchase ASA unit CSC module license was not acitviate and installed yet (customer misplace the PAK paper license). my question is it possible to set up the failover in the condition of one CSC SSM in operation mode, whilst another CSC status down because no license install on it?

question 2
New firewall will the standby unit, beside configure on the failover, do we need to load AnyConnect image to the new firewall as well?

question 3
Can i just update the ASA version of the production firewall from 8.3.1 to 8.4.2? Would this cause any syntax error?

Thanks

Noelle

kevin_giusti · ‎05-22-2014

1. As long as the hardware is exactly the same you should be able to HA pair them however I'd strong suggest licensing both CSC modules.

2. Yes, you need to have the same versions of the AnyConnect image on both units since the version is listed in the running config under the webvpn section.

3. Going from 8.3.1 to 8.4.2 will be fine, the syntax is similar.

View solution in original post

kevin_giusti · ‎05-22-2014

1. As long as the hardware is exactly the same you should be able to HA pair them however I'd strong suggest licensing both CSC modules.

2. Yes, you need to have the same versions of the AnyConnect image on both units since the version is listed in the running config under the webvpn section.

3. Going from 8.3.1 to 8.4.2 will be fine, the syntax is similar.

ASA failover with CSC SSM module