cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
189
Views
0
Helpful
3
Replies
Highlighted
Beginner

Bring new Primary, to sync with Active Secondary

Hi Experts,

I'm migrating 5525-X HA to 5555-X HA.

Due to logistics, I've migrated Secondary first. I now need to bring Primary into HA.

I need to ensure that new Primary syncs from Secondary, and not the other way around.

Would the best way to ensure this - either:

(a) only connect the Failover LAN interface links of the new Primary (but not its monitored interfaces), thus ensuring it cannot become Active? Or;

(b) power down the Primary, connect all its interfaces, and power-up (as rebooted ASA cannot become Active if it sees a mate)? Or;

(c) other?

R's, Alex

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Engager

Re: Bring new Primary, to sync with Active Secondary

correction.

yes. it will work. I had done kind of a similar thing. make sure the sub-interface(if you have any) and monitor interfaces are monitor mode. the reason of this is other unit will sync and find out there is link failure and keep the unit secondary active.

please do not forget to rate.

View solution in original post

3 REPLIES 3
Highlighted
VIP Engager

Re: Bring new Primary, to sync with Active Secondary

Would the best way to ensure this:

(a) only connect the Failover LAN interface links of the new Primary (but not its monitored interfaces), thus ensuring it cannot become Active?

yes. it will work. I had done kind of a similar thing. make sure the sub-interface(if you have) and monitor interfaces are not monitor mode. the reason of this is other unit will sync and find out there is link failure and keep the unit secondary active.

 

(b) power down the Primary, connect all its interfaces, and power-up (as rebooted ASA cannot become Active if it sees a mate)?

if you have access to switch which is connected to firewall you can shutdown the port except the failover link between two units. instead of power off and power on the unit.

 

 

(c) other?

make sure you have a backup configuration just in case the change goes wrong. always better to have a backup plan/exit window.

please do not forget to rate.
Highlighted
Beginner

Re: Bring new Primary, to sync with Active Secondary

thanks...
> make sure the sub-interface(if you have) and monitor interfaces are not monitor mode.
I don't understand interface's "monitor mode" - can you explain?

VIP Engager

Re: Bring new Primary, to sync with Active Secondary

correction.

yes. it will work. I had done kind of a similar thing. make sure the sub-interface(if you have any) and monitor interfaces are monitor mode. the reason of this is other unit will sync and find out there is link failure and keep the unit secondary active.

please do not forget to rate.

View solution in original post