Best way to reload an asa config?

Andy White · ‎03-13-2014

Hello,

I've been thinking of 2 scenarios that could happen and I woud like to be ready. If a config error was made on our ASA (we have 2 in active/standby mode) what is the best way to recover assuming we have a tftp backup or local flash copy? I know their is a config replace option on routers/switches that will compare the running config and the tftp/local copy and then replace the changes to get you back online without a reload.

Also if we had to replace one of the ASA as it was faulty, I guess I would tftp the config but what abount the license keys?

Any thoughts/experience would be mos welcome.

Thanks

Marvin Rhoads · ‎03-13-2014

If the mistake is not small enough that you can simply undo the commands with "no ___" then copy the backup file to running-config and write mem to further copy it into the startup-config. Local flash copy will always be faster than tftp but either is of course erasable as well. I'd start with a local copy if available and then fall back to a remote copy where it's not.

The license keys (technically activation keys on an ASA) need to be generated for you by the TAC in the event of an RMA. Of course if the non-failed unit has the necessary licenses (in 8.3+) you don't also need to add them on the replacement unit as a HA pair shares most licenses (with a few exceptions like Security Plus which is a prerequisite to even enable failover on a 5505 or 5510 or 5512-X).