I am in US and Units are in India. I need to copy
that is on the Primary Unit to the Standby unit.
Is there a way to copy from Primary to Secondary from CIi?
I copied the files from the Primary using ASDM but cannot connect to the secondary using ASDM.
Is there a way to use TFTP between the units, since they can ping each other?
I can only think about having someone in India plug a wire from a server to the VLAN that is handling failover and add another IP to the server so it can communicate with the secondary ASA... is there an easier way that I am missing?
Help would be appreciated
No, you cannot copy files directly between the two ASA's. You need to first move the file from one ASA to another location and next from that location to the other ASA.
But, not directly between the ASA's
For ASDM access of secondary, you can configure port redirection on primary ASA.
You can try this:
Make sure 'ssh copy enable' is on, and that ssh for that ip/subnet is enabled.
then scp from one ASA to the other
ASA# copy /noconfirm asa917-12-smp-k8.bin scp://username:password@IP_Addr/asa917-12-smp-k8.bin
I don't like having to put the password in clear text on the command line, but it doesn't seem to prompt interactively for a password. (even if I don't use /noconfirm)
Below idea may work but I also found that I could assign an IP to the standby unit by::
int <Lan Interface, Inside>
ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2
Using this way I was able to connect to both ASA's verifying they contain the same necessary files