Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1197
Views
0
Helpful
5
Replies

Uploading new image to 'standby' ASA5520

scocook
Level 1
Level 1

‎12-01-2011 11:52 AM - edited ‎03-11-2019 02:58 PM

I have a pair of asa5520's in active/standby configuration.  I plan on ugrading the asa/asdm images to 8.4 shortly (currently on 8.0) and would like to do this with zero downtime.  Specifically, I would like to upload the new software to the standby unit, upgrade it, swap standby/active units and then upgrade what will become the standby after the swap.

The problem I'm having is getting the new images uploaded onto the standby unit.  I've read that the routing table is not shared from the primary and the USB ports are "for future use".  I have no problem uploading the new images to the active unit via tftp...but can't do the same to the standby.

In a nut shell, how can I upload new images to the standby unit?

Labels:
0 Helpful
5 Replies 5

Julio Carvajal
VIP Alumni
VIP Alumni

‎12-01-2011 12:02 PM

Hello Scocook,

You are looking for the zero-downtime process for a failover pair:

While you have the ASAs on the same version,you will need to do the following:

http://tools.cisco.com/squish/bDF6f

And by the way Routing protools are being shared on ASA versions 8.4

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

scocook
Level 1
Level 1
In response to Julio Carvajal

‎12-01-2011 12:07 PM

Thanks Julio, I have seen this doc before. I’m really only having one issue:

Step 1 Download the new software to both units

This is what I need help with, I cannot upload the software to the unit currently ‘standby’. My goal is the upload and upgrade the standby unit, then make it active to upgrade the other unit.

Thank you,

Scott Cook

Technical Services Professional

BT Conferencing

Preview file
1 KB
0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to scocook

‎12-01-2011 12:11 PM

Hello Scocook,

There are some options you can do to do this,

You can download the image to a laptop, then connected directly to an interface on the Secondary unit and try to do it, you can set the stand by unit as active while doing this and then as soon as you have the image on the secondary ASA, just select the primary unit as the active again.

Do you understand my point here??

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

scocook
Level 1
Level 1
In response to Julio Carvajal

‎12-01-2011 12:23 PM

I understand what you’re saying, I guess I just have one question. We use this ASA as a VPN concentrator, when swapping the units from active to standby and vice-versa, are end connected into it dropped? If they aren’t then I could just make the swap at any time and be able to tftp normally.

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to scocook

‎12-01-2011 01:01 PM

Hello Scocook,

If you have a stateful link between the ASAs yes you can do it.

Regards,

Please rate helpful posts.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card