cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Please be advised, the GuideMe Wizard is no longer available on the Small Business Support Community. For search capability please use the community search field to find content related to Cisco Small Business documents, videos, and discussions.
8776
Views
29
Helpful
6
Replies
Beginner

Copy files between Active/Standby Failover Units. Cisco ASA 5508-x

Hi Guys::

               I am in US and Units are in India. I need to copy

  • anyconnect-win-3.1.14018-k9.pkg
  • asdm-762-150.bin

that is on the Primary Unit to the Standby unit.

Is there a way to copy from Primary to Secondary from CIi?

I copied the files from the Primary using ASDM but cannot connect to the secondary using ASDM.

Is there a way to use TFTP between the units, since they can ping each other?

I can only think about having someone in India plug a wire from a server to the VLAN that is handling failover and add another IP to the server so it can communicate with the secondary ASA... is there an easier way that I am missing?

Help would be appreciated

Thank You

6 REPLIES 6

Hi eford@haartz.com,

Hi eford@haartz.com,

No, you cannot copy files directly between the two ASA's. You need to first move the file from one ASA to another location and next from that location to the other ASA.

But, not directly between the ASA's

For ASDM access of secondary, you can configure port redirection on primary ASA.

SD-WAN Specialist
Spooster IT Services
Beginner

You can try this:

You can try this:

Make sure 'ssh copy enable' is on, and that ssh for that ip/subnet is enabled.

then scp from one ASA to the other

ASA# copy /noconfirm asa917-12-smp-k8.bin scp://username:password@IP_Addr/asa917-12-smp-k8.bin

I don't like having to put the password in clear text on the command line, but it doesn't seem to prompt interactively for a password. (even if I don't use /noconfirm)

Brian

Re: You can try this:

Much thanks - worked a treat and dub me out of a hole without flipping the ASAs over, cheers Tony
Beginner

Re: You can try this:

I know this is an old post, but wanted to confirm that this does work. Extremely helpful for certain situations. Thank you bmillar!

Beginner

Re: You can try this:

Thanks man.

Beginner

Below idea may work but I

Below idea may work but I also found that I could assign an IP to the standby unit by::

config t

int <Lan Interface, Inside>

ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2

wr mem

Using this way I was able to connect to both ASA's verifying they contain the same necessary files

Thank You