Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
556
Views
5
Helpful
3
Replies

Change ASA 5585-X IPS SSP-20 to ACTIVE/ACTIVE

CiscoBrownBelt
Level 6
Level 6

‎02-28-2018 10:34 AM - edited ‎02-21-2020 07:27 AM

Right now, module 1 is the IPS and the FW is in Active/Standby failover mode. I need to change the FW to Active/Active failover mode to use both as a primary and secondary FW. I use the Mgmt wizard and enter the default Mgmt Ip of the IPS (192.168.1.2) as the Peer IP Address and receive a "peer connectivity" error.

Both the FW module (192.168.1.1) and the IPS (192.168.1.2) are pingable. Any help??

Labels:
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-01-2018 02:14 AM

As long as you have a single context ASA you cannot use the Active-Active HA feature.

 

Active-active is only supported for multiple context ASAs. In that case you designate a given context as active on a given appliance.

 

Also note that changing from single context to multiple context will wipe out any existing configuration.

CiscoBrownBelt
Level 6
Level 6
In response to Marvin Rhoads

‎03-05-2018 10:53 AM

Ok disregard the ACTIVE ACTVE for now. I am trying to change the ASA so both modules are FW instead of one FW and the other a IPS. It appears the license is good. Any suggestions?
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to CiscoBrownBelt

‎03-06-2018 02:44 AM

One 5585-X chassis = one firewall. That's true with or without a module in slot 1.

 

The interfaces on the SSPs can always be used as additional interfaces. That's true whether they are an additional core SSP, IPS SSP, ASA CX SSP or Firepower SSP.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card