12-28-2009 09:41 AM - edited 03-11-2019 09:52 AM
Hello, i have 2 5520's running active/standby. How do i connect to the standby unit to load a IOS upgrade with zero downtime? I can ping my standby ip address from the primary/active unit but obviously cannot telnet from there. can i only connect to the standby unit with a console cable? I am not able to ping the standby unit IP from my lan.......
Thanks!
12-28-2009 09:51 AM
jwilder wrote:
Hello, i have 2 5520's running active/standby. How do i connect to the standby unit to load a IOS upgrade with zero downtime? I can ping my standby ip address from the primary/active unit but obviously cannot telnet from there. can i only connect to the standby unit with a console cable? I am not able to ping the standby unit IP from my lan.......
Thanks!
It's probably a routiing issue. When you say you cannot connect from your LAN is your LAN address on a different subnet than the ASA standby address ? If so you need either -
1) routing on the standby ASA to get to remote networks. Note if you had a defaultg static route on the primary the standby should have it too. If you are using dynamic routing on the firewalls the standby only gets the routes when the primary fails.
or
2) use a machine on the same subnet as the ASA standby address.
Jon
12-28-2009 09:54 AM
we are using dynamic routing, so that would explain the issue. I guess i will have to connect up to the local interface. hopefully that will work.....
can the management interface be configured for this type of connection then?
Thanks,
Jeff
12-28-2009 09:58 AM
jwilder wrote:
we are using dynamic routing, so that would explain the issue. I guess i will have to connect up to the local interface. hopefully that will work.....
can the management interface be configured for this type of connection then?
Thanks,
Jeff
Jeff
Not sure as i have never done that, i just use the inside interface for these sort of things. You could add a static route to the primary for your subnet which would then get propagated to the standy which would temporarily give you access but you would need to be careful you didn't mess up your routing obviously.
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide