I have a pair of asa5520's in active/standby configuration. I plan on ugrading the asa/asdm images to 8.4 shortly (currently on 8.0) and would like to do this with zero downtime. Specifically, I would like to upload the new software to the standby unit, upgrade it, swap standby/active units and then upgrade what will become the standby after the swap.
The problem I'm having is getting the new images uploaded onto the standby unit. I've read that the routing table is not shared from the primary and the USB ports are "for future use". I have no problem uploading the new images to the active unit via tftp...but can't do the same to the standby.
In a nut shell, how can I upload new images to the standby unit?
You are looking for the zero-downtime process for a failover pair:
While you have the ASAs on the same version,you will need to do the following:
And by the way Routing protools are being shared on ASA versions 8.4
Thanks Julio, I have seen this doc before. I’m really only having one issue:
Step 1 Download the new software to both units
This is what I need help with, I cannot upload the software to the unit currently ‘standby’. My goal is the upload and upgrade the standby unit, then make it active to upgrade the other unit.
Technical Services Professional
There are some options you can do to do this,
You can download the image to a laptop, then connected directly to an interface on the Secondary unit and try to do it, you can set the stand by unit as active while doing this and then as soon as you have the image on the secondary ASA, just select the primary unit as the active again.
Do you understand my point here??
I understand what you’re saying, I guess I just have one question. We use this ASA as a VPN concentrator, when swapping the units from active to standby and vice-versa, are end connected into it dropped? If they aren’t then I could just make the swap at any time and be able to tftp normally.
If you have a stateful link between the ASAs yes you can do it.
Please rate helpful posts.