Solved: Steps to change interface IP on Cisco ASA Failover pair

Eric Shartle · ‎05-21-2018

Hello all,

I have a simple question. I have 2 ASA 5510 in Active/Standby. Active INSIDE IP is 10.1.0.3, failover is 10.1.0.4. Due to an asymmetrical routing issue - I need to change the INSIDE IPs to 10.5.0.3 and 10.5.0.4 respectively. I have a single ASA for testing, and have successfully done the subnet change there - added new routes, NAT exemptions....yada yada....traffic flows in/out just fine - and it fixed the redirect packets.

My problem is I don't have a failover pair to test with. So, I see the Failover section in ASDM under Device Management - where I can change the Standby IP. Should I do that before I change the interface IP of the active? Does it even matter? Should I suspend failover while making changes?

Just don't want to get hit with an unexpected hiccup - doing this over the holiday and would like to minimize time at work....heh.

Thanks!

Karsten Iwen · ‎05-21-2018

In a failover pair, you do all changes from the active unit. There is nothing to do on the standby unit. And both units have their IPs from the same IP-subnet, the change has to be done at the same time for both units. Best to login to the active unit through CLI, enter interface-configuration mode and set the new IPs.

View solution in original post

Karsten Iwen · ‎05-21-2018

In a failover pair, you do all changes from the active unit. There is nothing to do on the standby unit. And both units have their IPs from the same IP-subnet, the change has to be done at the same time for both units. Best to login to the active unit through CLI, enter interface-configuration mode and set the new IPs.