Re: Cisco ASA Config Syn in Active and Passive

mahesh1818 · ‎01-13-2025

Hi Team,

We have old Cisco ASA need to confirm that config and sessions are synced to the Passive ASA?????

This host: Secondary - Active
Active time: 30555250 (sec)
slot 0: ASA5515 hw/sw rev (1.0/8.6(1)2) status (Up Sys)
Interface INSIDE (10.30.136.10): Normal (Not-Monitored)
Interface DMZ (192.168.10.20): Normal (Not-Monitored)
Interface serv (192.168.20.20): No Link (Not-Monitored)
Interface corp (172.20.25.2): No Link (Not-Monitored)
Interface management (10.11.1.54): Normal (Monitored)
slot 1: IPS5515 hw/sw rev (N/A/) status (Unresponsive/Up)

Other host: Primary - Standby Ready
Active time: 0 (sec)
slot 0: ASA5515 hw/sw rev (1.0/8.6(1)2) status (Up Sys)
Interface INSIDE (10.30.136.11): Normal (Not-Monitored)
Interface DMZ (0.0.0.0): Normal (Not-Monitored)
Interface serv (192.168.20.19): Normal (Not-Monitored)
Interface corp (172.20.25.3): Normal (Not-Monitored)
Interface management (10.11.1.55): Normal (Monitored)
slot 1: IPS5515 hw/sw rev (N/A/) status (Unresponsive/Up)

Regards

Mahesh

MHM Cisco World · ‎01-13-2025

connect to standby and check
1- show run
2- show conn
3- show xlate

this will make you sure the config and session is sync between two FW

MHM

mahesh1818 · ‎01-13-2025

show conn
8 in use, 11 most used

Also show xlate shows traffic

MHM Cisco World · ‎01-15-2025

show conn in both FW

the number must match if there is healthy sync

MHM

ahollifield · ‎01-13-2025

Is this ASA connected to the internet? https://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/eos-eol-notice-c51-738644.html

mahesh1818 · ‎01-15-2025

not to the internet

will be replaced soon with new Cisco Firepower.