Beginner

ASA reboot

In my network, I have an ASA 5510 pair, active and standby. I want to reboot this firewall without network downtime. Can someone suggest the process?

I know about the forced failover, but I want to make sure about that.

Can someone suggest a step-by-step process for this reboot?

VIP Mentor

Re: ASA reboot

First: Why do you want to reboot? Is it for updating software?

In general:

  1. On the active ASA: Do a "failover reload-standby". This will reload the standby unit. Wait for the standby ASA to come back.
  2. Still on the active ASA: While there is no important communication, do a "no failover active". The other unit will take over the active role. You will lose the connectivity to your SSH-session here.
  3. Log in again to the active ASA (which is the other ASA now) and also do a "failover reload-standby". Both ASAs are now reloaded.
Beginner

Re: ASA reboot

During this process, what happens with active VPN sessions? Will they be terminated or not?

VIP Mentor

Re: ASA reboot

If your failover is working correctly (and you have configured it as stateful failover) then the VPNs will keep working.
Check the output of "show failover" if everything is fine there.
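
One way to automate the "show failover" check before each step of the reload procedure, as an added example that is not part of the original thread. The sample output is constructed and abbreviated, its layout is an assumption modelled on typical ASA output, and `failover_precheck` is a hypothetical helper name.

```python
import re

# Constructed, abbreviated "show failover" output (layout assumed, not captured from a device).
HEALTHY = """Failover On
Failover unit Primary
Failover LAN Interface: folink Ethernet0/3 (up)
        This host: Primary - Active
                Active time: 86400 (sec)
        Other host: Secondary - Standby Ready
                Active time: 0 (sec)

Stateful Failover Logical Update Statistics
        Link : statelink Ethernet0/2 (up)
"""

# Same pair with a failed peer and no stateful link configured.
DEGRADED = (HEALTHY.replace("Standby Ready", "Failed")
                   .replace("statelink Ethernet0/2 (up)", "Unconfigured."))


def failover_precheck(text: str) -> list[str]:
    """Return reasons not to reload or switch roles; an empty list means proceed."""
    problems = []
    if not re.search(r"^Failover On\s*$", text, re.M):
        problems.append("failover is not enabled")

    this = re.search(r"This host:\s*\S+\s*-\s*(.+)", text)
    if not this or this.group(1).strip() != "Active":
        problems.append("this unit is not the active unit")

    other = re.search(r"Other host:\s*\S+\s*-\s*(.+)", text)
    peer_state = other.group(1).strip() if other else "unknown"
    if peer_state != "Standby Ready":
        problems.append(f"peer unit is '{peer_state}', not 'Standby Ready'")

    lan = re.search(r"Failover LAN Interface:\s*(.+)", text)
    if not lan or "(up)" not in lan.group(1):
        problems.append("failover LAN interface is not up")

    # Without a working stateful link, session state is not replicated to the peer.
    link = re.search(r"Stateful Failover Logical Update Statistics\s+Link\s*:\s*(.+)", text)
    if not link or "Unconfigured" in link.group(1):
        problems.append("stateful failover link is not configured")
    elif "(up)" not in link.group(1):
        problems.append("stateful failover link is not up")
    return problems


if __name__ == "__main__":
    for name, sample in (("healthy", HEALTHY), ("degraded", DEGRADED)):
        print(name, failover_precheck(sample) or "OK to proceed")
```

Run the check again after the standby unit has come back from its reload and before issuing "no failover active".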
Frequent Contributor

Re: ASA reboot

Hi Karsten,

I have a quick question: for an Active-Active scenario how can I simply reboot both units without concern for network impact?
With Cisco stacking switches I can either reboot the stack or just one member of the stack. What about ASAs?

Thanks!
VIP Rising star

Re: ASA reboot

Hi Florin,

The trick with active-active failover scenario is to make both failover groups active on the primary or secondary unit.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/111867-asa-failover-upgrade.html#Actact


HTH

Bogdan

Frequent Contributor

Re: ASA reboot

I am mixing things here: ASA failover technology is distinct from stacking technology.
I did as Bogdan mentioned and rebooted one member at a time.