cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
789
Views
0
Helpful
2
Replies

ASA5500 changing the failover IP addresses

David.Pellat
Beginner
Beginner

Hi,

What is the process for changing the IP addresses on a pair of ASA 5510's that are running as an Active/standby scenario.

Would it be the correct process to connect to the inside address of the standby unit, disable failover, change the address, save the config:

Standby Unit:

===========

no failover

failover interface ip Failover 172.30.254.225 255.255.255.252 standby 172.30.254.226

Primary Unit

==========

failover interface ip Failover 172.30.254.225 255.255.255.252 standby 172.30.254.226

Standby Unit
=============
failover

I cannot find a doco that details changing the addresses whilst in production.

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions

Maykol Rojas
Cisco Employee
Cisco Employee

You are completely right, there is no document for this, here is what I would do...

-Disconnect the cables on the Secondary Unit

-Disable failover on the primary Unit

-Via console on the secondary unit... Clear all the config and put the new failover commands including the New IP

-On the primary Unit change the failover IP with that command you highlighted.

-Once the primary has all the configuration and the secondary only the failover commands...connect the failover cable of the secondary unit only (Since the other interfaces are down, it wont try to become active if he is not able to find the primary Unit.

-Once connected, enable failover on the priamry and on the secondary

-Once the configuration is replicated and the primary unit looks active and the secondary as failed... connect the rest of the cables...

That way you wont loose internet connectivity... and I think is the safest way to do it.

Mike

Mike

View solution in original post

2 REPLIES 2

Maykol Rojas
Cisco Employee
Cisco Employee

You are completely right, there is no document for this, here is what I would do...

-Disconnect the cables on the Secondary Unit

-Disable failover on the primary Unit

-Via console on the secondary unit... Clear all the config and put the new failover commands including the New IP

-On the primary Unit change the failover IP with that command you highlighted.

-Once the primary has all the configuration and the secondary only the failover commands...connect the failover cable of the secondary unit only (Since the other interfaces are down, it wont try to become active if he is not able to find the primary Unit.

-Once connected, enable failover on the priamry and on the secondary

-Once the configuration is replicated and the primary unit looks active and the secondary as failed... connect the rest of the cables...

That way you wont loose internet connectivity... and I think is the safest way to do it.

Mike

Mike

Many thanks

Success!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: