How to apply a new startup config to ASA active member and also force it to standby member
I have pair of ASA 5550 and I am trying to copy a new config to my member1 (active) as the new configuration I want to use for the pair. I want to copy this to start-up config on member1 and then reload member1 and have it copy the same config to member2 (stdby). I guess I am trying to understand if I copy the configuration to member1 and reload it, member 2(stdby) will have become active and try to copy the old configuration to member1 which I do not want.
Can someone help me get the commands straight that I need to execute to make sure the new startup config gets to both members without being overwritten?
If you are going to start from scratch and apply a new config anyway, I would suggest that you clear the config on both ASA, and copy the config the running config to ASA-1. Because otherwise if you copy it to start-up and reload the active ASA, the other unit will become the active, and will override the configuration. Even though the standby unit does not become the active unit, if you have a totally different configuration on ASA-1, then it would become a mess as the 2 configurations are different.
If it's a brand new configuration, then i would suggest uploading the config to the primary ASA start-up, then "write erase" both current config, reload both ASA. The secondary ASA needs to be configured with a few failover command, and primary ASA will automatically sync the config once secondary ASA has been configured with those failover comamnds.
This document provides a configuration example of Security Assertion Markup Language (SAML) Authentication on FTD managed over FDM. The configuration allows Anyconnect users to establish a VPN session authenticating with a SAML Identity Serv...
DMVPN Dual Hub Dual Cloud Pros and ConsProsNo single point of failureQuick failover if routing protocols are tunedLoad balancing is easyTraffic engineering is easyEasy to work with multiple ISPsConsNeed 2 tunnels per spokeConfiguration is more complicated...
I had in the past an issue when migrating Cisco Cloud Web Security to Cisco Umbrella for a Customer. The Cisco ASA Firewall blocks the DNScrypt provided by the Cisco Umbrella Virtual Appliance.The issue is solved by disabling DNS packet inspection between...
Network Security All-in-one Version 1.4: ASA Firepower WSA Umbrella VPN ISE Layer 2 Security This book is written for Network engineers working in the Security field and to prepare the CCNP Security exam, it includes Cisco ASA Firewall, ASA with Fire...
This document describes how to configure the Cisco L3 devices to forward DHCPv6 information to ISE for profiling purpose. Note that although Cisco IOS doesn’t support DHCPv6 via device sensor it still sends IPv6 via RADIUS accounting which i...