03-16-2020 09:43 AM - edited 03-16-2020 11:22 AM
Hi Experts,
I'm migrating 5525-X HA to 5555-X HA.
Due to logistics, I've migrated Secondary first. I now need to bring Primary into HA.
I need to ensure that new Primary syncs from Secondary, and not the other way around.
Would the best way to ensure this - either:
(a) only connect the Failover LAN interface links of the new Primary (but not its monitored interfaces), thus ensuring it cannot become Active? Or;
(b) power down the Primary, connect all its interfaces, and power-up (as rebooted ASA cannot become Active if it sees a mate)? Or;
(c) other?
R's, Alex
03-16-2020 11:10 AM
> Would the best way to ensure this:
> (a) only connect the Failover LAN interface links of the new Primary (but not its monitored interfaces), thus ensuring it cannot become Active?
Yes, it will work. I have done kind of a similar thing. Make sure the sub-interface (if you have any) and monitor interfaces are not in monitor mode. The reason for this is that the other unit will sync, find out there is a link failure, and keep the secondary unit active.
> (b) power down the Primary, connect all its interfaces, and power-up (as rebooted ASA cannot become Active if it sees a mate)?
If you have access to the switch that is connected to the firewall, you can shut down the ports, except the failover link between the two units, instead of powering the unit off and on.
> (c) other?
Make sure you have a backup configuration just in case the change goes wrong. It is always better to have a backup plan/exit window.
03-16-2020 11:30 AM - edited 03-16-2020 11:30 AM
Thanks...
> make sure the sub-interface(if you have) and monitor interfaces are not monitor mode.
I don't understand interface's "monitor mode" - can you explain?
03-16-2020 12:33 PM
Correction.
Yes, it will work. I have done kind of a similar thing. Make sure the sub-interface (if you have any) and monitor interfaces are in monitor mode. The reason for this is that the other unit will sync, find out there is a link failure, and keep the secondary unit active.