Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4723
Views
0
Helpful
1
Replies

Replace the failed primary unit ASA in HA.

msompong1
Level 1
Level 1

‎07-13-2020 12:05 AM

Hi All,

 

I've got the RMA unit ASA5506 (both same ASA Version 9.6(1)), I've replace this unit to the failed primary in HA pair with following step.

1.setup the failover interface

interface GigabitEthernet1/8
description LAN/STATE Failover Interface
!
failover
failover lan unit primary
failover lan interface folink GigabitEthernet1/8
failover link folink GigabitEthernet1/8
failover interface ip folink 1.1.1.1 255.255.255.0 standby 1.1.1.2

 

2.connect the faileover cable to the active/secondary firewall.

3.the blank configuration from the the new unit override to the active/secondary.

4.I've disconnect the failover cable and reboot the active/secondary for the temporary solution. 

 

My question is what is wrong in the replacement step ? and what is the best practice for this situation ?

Thank you.

0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎07-13-2020 12:22 AM

Hi,

You should have configured the working ASA as primary and added the replacement ASA as secondary, this way the correct configuration would have been replicated to the replacement ASA.

 

This cisco guide below covers the options you could have taken to re-introduce an ASA into a HA failover pair.

https://community.cisco.com/t5/security-documents/introducing-failed-primary-unit-back-in-the-ha-fail-over-pair/ta-p/3146927

 

HTH

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card