Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
568
Views
0
Helpful
2
Replies

failover issues

virtuacco
Level 1
Level 1

‎06-21-2011 08:03 PM - edited ‎03-11-2019 01:48 PM

There are 2x Cisco ASA 5505 in an active/standby failover config.  The primary asa 5505 has been reset and the secondary is now running as active.  I would like to reintroduce the primary again but need to know how to do this.

Ideally I would like to remove the failover config and start from scratch.  Do I just need to enter the following to disable failover on the active secondary box?

no failover

no failover lan unit secondary

no failover lan interface failover Vlan999

no failover interface ip failover 192.168.254.1 255.255.255.252 standby 192.168.254.2

Once I have done this can i just run through the HA Wizard? thanks in advance.

Labels:
0 Helpful
2 Replies 2

sainair
Level 1
Level 1

‎06-21-2011 08:41 PM

Hi Virtuacco,

If I understand this correct, the secondary is active and passing the traffic, right?

The configuration on the secondary is:

no failover

failover lan unit secondary

failover lan interface failover Vlan999

failover interface ip failover 192.168.254.1 255.255.255.252 standby 192.168.254.2

And the configuration on the primary is:

no failover

failover lan unit primary

failover lan interface failover Vlan999

failover interface ip failover 192.168.254.1 255.255.255.252 standby 192.168.254.2

Steps for introducing the Primary into the cluster, and making it active:

- make sure the primary has the above configuration (failover is turned off)

- connect the primary into the network

- make sure you are able to ping the failover IP addresses (192.168.254.1 and 

192.168.254.2) from both the devices

- then go to the primary device and issue the command:ASA(config)# failover

- the primary should become active and the secondary should become standby

This should make the primary device active. Let me know if you face any issues.

Thanks,

Sai

0 Helpful

varrao
Level 10
Level 10
In response to sainair

‎06-21-2011 10:26 PM

Hi,

No no, you need not disable the failover on Secondary to make the Primary active. If currently you have the Secondary firewall as active and the Primary as standby, then go to the Primary firewall and use the command "failover active" in the config mode, this would switch over the failover on the units, or else go to the secondaery unit and issue the command "no failover active".

Here is a doc for it:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml#Fofa

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card