Re: Setting UP a SECOND ASA5506-x firewall

Myleslandish · ‎04-18-2024

Hello, I successfully set up/configured my first ASA device. I just purchased as second 5506 and am wondering about how compatible or incompatible the bkup configuration files I’ve saved from the first device are gonna be with the second ASA. It mentioned something about a master passphrase when making the bkup. It just started to say this and I’m sure it’s bc I changed a setting on the device and I’m just trying to figure out how to get it bk to a standard one without the master pass phrase being necessary to use it on a secondary device.

Georg Pauwen · ‎04-18-2024

Hello,

the master passphrase has nothing to do with the content of the backup file, it acts as a key to decrypt the backup file when it needs to be restored. I assume you used the command ' write memory encrypt' when you made the backup ?

Myleslandish · ‎04-19-2024

At few weeks into it I got into a part with keys being given and or generated. So I just assumed it had something to do with that. Idk if I tried to reset bk to a config before I ever did those changes.

Myleslandish · ‎04-19-2024

I didn’t

MHM Cisco World · ‎04-18-2024

Both same platform and same ver.

If yes then backup config to tftp and then download it for second asa.

MHM

Myleslandish · ‎04-19-2024

Same device 5506-x with firepower. But I don’t believe it goes beyond that in similarities. I just wish I could copy the first one to the second

Aref Alsouqi · ‎04-19-2024

The master passphrase is used to encrypt the plain text passwords with a specific key you configure on the ASA. Did you try to use the command "show system:running-config" and see if you can see the password in an unencrypted format? also, why not to add this new firewall as a secondary device and form an HA pair?

Myleslandish · ‎04-19-2024

I haven’t been able to use cl

Aref Alsouqi · ‎04-19-2024

Sorry if I missed this, but why you were not able to get access into CLI?

Check out this link please about how to configure high availability on the ASA firewalls:

Cisco ASA Active/Passive Failover Configuration Example (packetswitch.co.uk)

Myleslandish · ‎04-19-2024

I’ve noticed it seems to have a cl to use on the ASDM; and I’ve used a few from the selections but i haven’t been able to connect to it with the console or whatever. Would any and all commands work on the ASDM same as the standard cl?

Aref Alsouqi · ‎04-20-2024

Yes, "ASDM > Tools > Command Line Interface" should give you the same output as if you are connected to the firewall CLI.

Myleslandish · ‎04-22-2024

Good to hear; thanku

Myleslandish · ‎04-19-2024

I have looked at the files in text format and that was how I was able to activate an identity certificate and something else

Myleslandish · ‎04-19-2024

HA pair is what? For real, I’m low on this totem ppl