08-09-2018 07:08 AM - edited 02-21-2020 08:05 AM
Tried this in the firewall section but no one knew the answer. Figured I'd ask here next.
I have two 5520's. One in production with an IPS SSM-10 installed, and one in storage. All parameters are identical except I don't have an SSM-10 for the storage 5520.
Can I still HA pair that storage 5520 to the production 5520 if I don't have an IPS module in the standby unit but I do have one in the active unit or will it not work? The IPS's have to be configured manually - meaning that replication to mate does not take care of the IPS so I would think no, but not sure.
Solved! Go to Solution.
08-09-2018 07:54 AM
Both devices have to be identically. WIth the SSM-10 being EOL and without any signature-updates, I would remove the module from the first ASA and operate both without.
But remember that the ASA 5520 is also EOL and should be replaced soon.
08-09-2018 07:54 AM
Both devices have to be identically. WIth the SSM-10 being EOL and without any signature-updates, I would remove the module from the first ASA and operate both without.
But remember that the ASA 5520 is also EOL and should be replaced soon.
08-09-2018 08:08 AM
Thanks Karsten. So just to confirm: It's either both with IPS or both without right?
Cannot run one with and one without in HA pair even though config sync doesn't replicate between them like running-conf of the ASA itself does right?
08-09-2018 08:15 AM
08-09-2018 08:30 AM
Thank you Sir.
A follow up question:
My storage 5520 has no config on it or on the IPS. When I console into the 5520 and do "session 1" it says the module in slot 1 did not respond and it's state is "unresponsive."
Do I need to do something before I can session to it with a blank config, connected via console connection or should that work?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide