Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1406
Views
5
Helpful
2
Replies

Configuration Asa 5585

Go to solution
Rafael Romero Diaz
Level 1
Level 1

‎06-10-2020 03:24 AM

Hi,

Recently we had a problem with the handle and it was when we made the failover that we did not have the exact same configuration. Supposedly they should be in sync. The query is, apart from doing a show failover that gives us the output of context active or context standby ready, is there an snmp variable that can be queried to find out if they have the same config or a command that can be launched?

Thanks in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎06-10-2020 02:14 PM

If this is Active/Active Multi context FW, make sure the configuration changes to be done always on Active Node Only if any changes are done in Standby accidentally (they can not be synched and it will be overridden with Active one- also not recommended any changes in Standby)

 

here is the document explain about sync. 

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ha_active_active.html#65140

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

2 Replies 2

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎06-10-2020 02:14 PM

If this is Active/Active Multi context FW, make sure the configuration changes to be done always on Active Node Only if any changes are done in Standby accidentally (they can not be synched and it will be overridden with Active one- also not recommended any changes in Standby)

 

here is the document explain about sync. 

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ha_active_active.html#65140

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Rafael Romero Diaz
Level 1
Level 1
In response to balaji.bandi

‎06-10-2020 10:37 PM

HI,

This is active / passive configuration. Changes are normally made in the active context via asdm.
However, I am thinking that since we use rancid to back up the configuration, i will talk to the toolmates who handle the monitoring tool and that you can connect to a rancid and make a differential of the backup adn then so shows as alarm whether or not the settings of both contexts are the same.
I will review the document you indicate.
Thank you. @balaji.bandi 

0 Helpful
Customers Also Viewed These Support Documents