It might be required that due to IP address shortage or IP address overlap in the Internal Network , we might need to change the Fail-over interface IP addresses.
For ex:- We see this error on the ASA device while trying to configure the ASA device and the Fail-over IP are overlapping.
WARNING: 192.168.0.0-192.168.255.255 overlaps with failover interface address. The failover units may become active
This is the Fail-over configuration causing this error:-
failover lan unit primary
failover lan interface FAIL GigabitEthernet0/5
failover link STATE GigabitEthernet0/4
failover interface ip FAIL 192.168.201.1 255.255.255.252 standby 192.168.201.2
failover interface ip STATE 192.168.202.1 255.255.255.252 standby 192.168.202.2
To change the IP address on the Fail-over interface , we need to follow these steps:-
1) Disable the Fail-over in the Primary unit:-
2) Fail-over status on the Secondary Unit will go to:-
Failover Off (pseudo-Standby) Failover unit Secondary
3) Change the IP address on both the ASA units separately. It will be the same command on both the units:-
failover interface ip FAIL 172.16.2.3 255.255.255.252 standby 172.16.2.4 failover interface ip STATE 172.16.4.5 255.255.255.252 standby 172.16.4.6
4) Once , you configure the IP address information , re-enable the fail-over first on the Primary unit and then on the Secondary Unit.
5) Fail-over will come up fine with the changed IP address on the Fail-over interface.
If you have a switch connected between the ASA Units for the Fail-over interfaces , I would suggest clearing the ARP entries on the switch.
Hello,we want to establish a connection to an external MDM Server, that is Matrix42 Silverback.Someone has experience with Matrix42 Silverback and its integration with ISE (Version 2.6)?Are they compatible?Can we use APIs?Thanks in advance
Hi, Where can I change the "crypto ipsec security-association lifetime" in a Cisco ASA5508-X Threat Defense and/or Cisco ASA5516-X Threat Defense? If it is possible at all. Or at least please help me find out what is default for those model...
I am a little confused about the maximum concurrent connection on what is considered a Hybrid ISE deployment with a dedicated PSN node and a dedicated deployment with dedicated PSN nodes. If I have a Hybrid deployment with a dedicated PSN node a the size ...
I need to migrate from C170 to C190 and have already match to the same Firmware Version. I have a question. Is there any method that can export and import the configuration file instead of form cluster ?
Hello, I stumbled upon a problem today. I have an ASA with firepower services. I noticed that in the events some URLs are shown as numbers and the action is blocked. Is there anything, in particular, I could check to see wh...