cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1186
Views
0
Helpful
4
Replies

ASA Failover

balajirajahpb
Level 1
Level 1

Daear All,

I have two ASA device configured with Active/Standby failover configuration.

Now the Standby unit is active and Primary unit is in standby ready state.

If I enter write standby command in standby unit which is currently active will it rewrite the configuration of primary unit which is in standby ready state.

Hope I explained clearly. Refer the attachment.

Regards

Balajirajah P B

4 Replies 4

Hi,

When you issue the write standby command it will write the configuration stored in the RAM of the active failover unit to the RAM on the standby unit.

So the answer is yes... no matter which ASA is the primary or secondary, the write standby will copy the running-config from the active unit to the standby unit.

If for any reason both units have different configurations, you should use that command to sync the config.

The write standby will not save the config to flash, it will only copy the config to the running-config of the standby unit.

Federico.

Panos Kampanakis
Cisco Employee
Cisco Employee

To clarify it, you should do "write standby" on the ACTIVE unit and that will wipe the standby unit config and send it over.

So, do it on the active unit .

I hope it helps.

PK

Thanks. I'm getting following error.

ASA# write standby
Building configuration...
Configuration can only be replicated from the Active unit.
[FAILED]

        This host: Primary - Active
                Active time: 35246599 (sec)
                slot 0: ASA5520 hw/sw rev (2.0/8.0(4)) status (Up Sys)
                  Interface INSIDE (x.x.x.x): Normal (Waiting)
                  Interface PROD (x.x.x.x): Normal (Not-Monitored)
                  Interface DEVDMZ (x.x.x.x): Normal (Not-Monitored)
                  Interface DEV (x.x.x.x): Normal (Not-Monitored)
                  Interface DMZ (x.x.x.x): Normal (Not-Monitored)
                  Interface PAHOLABMANAGER (x.x.x.x): Normal (Not-Monitored)
                  Interface TRANSIT (x.x.x.x): Normal (Not-Monitored)
                  Interface OUTSIDE (x.x.x.x): Normal (Not-Monitored)
                slot 1: empty
        Other host: Secondary - Sync Config
                Active time: 0 (sec)
                slot 0: ASA5520 hw/sw rev (2.0/8.0(4)) status (Up Sys)
                  Interface INSIDE (x.x.x.x): Unknown (Waiting)
                  Interface PROD (x.x.x.x): Unknown (Not-Monitored)
                  Interface DEVDMZ (x.x.x.x): Unknown (Not-Monitored)
                  Interface DEV (x.x.x.x): Unknown (Not-Monitored)
                  Interface DMZ (x.x.x.x): Unknown (Not-Monitored)
                  Interface PAHOLABMANAGER (x.x.x.x): Unknown (Not-Monitored)
                  Interface TRANSIT (x.x.x.x): Unknown (Not-Monitored)
                  Interface OUTSIDE (x.x.x.x): Unknown (Not-Monitored)
                slot 1: empty

Regards

Balajirajah P B

Yes, it is strange. You did the "wr standby" on the active unit from what I am seeing right?

The issue is probably because the standby is stuck in a state where it thinks it is synching config. Another thing to try is to reboot the standby and have him synch config when it comes back and also do a "wr standby". It should not affect traffic because the actives is still going to stay active while the standby is rebooting.

I hope it helps.

PK

Review Cisco Networking for a $25 gift card