Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1130
Views
15
Helpful
4
Replies

how to ensure the primary ASA 5525 taking over

Go to solution
baselzind
Level 6
Level 6

‎05-31-2021 01:18 AM

i have two 5525-x "active standby" with sfr managed by fmc , I disconnected them and upgraded each one to 9.14.2. I installed back the one with "failover primary" into the rack and brought it live but now i need to connect the "failover secondary". I want to ensure that my primary asa stays primary when i connect the HA cable so that the secondary doesn't overwrite it and becomes active. DO I shutdown and connect the secondary ASA HA then bring it up so that i ensure it becomes secondary? or do i connect it while it is up? also when doing both scenarios would there be outage? like the primary would restart?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-31-2021 01:26 AM

Make sure your primary - active is healthy. Prior to bringing up the secondary make sure it it configured with "failover secondary". Do not connect any interfaces except the failover interface. Then power it on. It will detect an Active mate and sync from it as part of the initialization process. Once it is synced, connect other other interfaces. Finally verify it is in standby - ready state.

 

View solution in original post

4 Replies 4

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-31-2021 01:26 AM

Make sure your primary - active is healthy. Prior to bringing up the secondary make sure it it configured with "failover secondary". Do not connect any interfaces except the failover interface. Then power it on. It will detect an Active mate and sync from it as part of the initialization process. Once it is synced, connect other other interfaces. Finally verify it is in standby - ready state.

 

Go to solution
baselzind
Level 6
Level 6
In response to Marvin Rhoads

‎05-31-2021 01:35 AM - edited ‎05-31-2021 01:42 AM

how do I check if my primary is healthy? atm my primary is live since 1 week and I didn't get any complaints. Also when I do what you have described would there be an outage? like during the time the secondary boot and comes up?

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to baselzind

‎05-31-2021 02:29 PM

There should not be an outage as the secondary boots up and comes into service. 

HTH

Rick

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to baselzind

‎06-01-2021 01:55 AM

Check the Primary-Active with "show failover" and make sure the only failure noted is due to the Secondary being offline (failed).

Bringing up the Secondary following the recommended procedure should not have any impact on current traffic through the primary unit.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card