Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
640
Views
0
Helpful
4
Replies

Issues migrating from ASA 5585 pair to Firepower 4125 in ASA mode

ab23
Level 1
Level 1

‎07-13-2023 06:45 AM

We have a 5585 pair in active/standby. Each 5585 is directly connected to a Nexus 7k. The 5585's failover link is directly connected via 10g fiber between buildings. I have two new FP4125's that I have created a logical ASA on each one, copied the config and all the contexts over to the logical ASA's, the management context is up and the management standby IP is up, but NONE of the context standby IP's will show up in the 'standby' Nexus 7k, so the standby IP's aren't reachable and causes failover to be broken. TAC doesn't seem to have an idea and wants us to update the Nexus code since we're on 6.2. Anyone else run into this before? 

FP4125 version

Version: 2.12(0.498)
Startup-Vers: 2.12(0.498)

 

ASA Version 9.16.4.19

 

NX7K  System version: 6.2(16)

0 Helpful
4 Replies 4

marce1000
VIP
VIP

‎07-14-2023 08:25 AM

 

 - If same ports are used on the network then clear the arp cache on the involved ports and or clear the arp cache completely for instance on the standby nexus , 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

MHM Cisco World
VIP
VIP

‎07-14-2023 08:34 AM

context, how you add ASA image into FPR4100?

0 Helpful

Marius Gunnerud
VIP
VIP

‎07-14-2023 03:16 PM

Have you allocated interfaces to the contexts within context configuration in the default context?  If yes, then verify if the interfaces are enabled in FXOS.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/intro-logical-devices.html#topic_lhs_kdk_cfb

 

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-17-2023 06:04 AM

Are you using portchannels on your Nexus interfaces? If so, note that each ASA (primary and secondary) uses separate portchannels to the Nexus cores. While a Nexus portchannel can span two physical devices visa use of vPC, there's no such construct on the ASA (or FTD for that matter).

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card