08-18-2020 03:13 AM
Hi,
I'm upgrading a Cisco ASA from 9.10(1)30 to 9.10(1)42. I have multiple site-to-site VPN tunnels and WebVPN set up on this box too. What impact can I expect when the failover happens?
Will the site-to-site VPN try to renegotiate, or can the current VPN session be replicated to the standby peer, including IKE negotiations, so that there is no renegotiation happening?
Thanks.
08-18-2020 05:32 AM
Hi,
I assume you have an ASA Active/Standby HA pair? If so, then yes the ISAKMP and IPSec sessions are replicated to the standby, so no renegotiation. You’d still want to perform the upgrade in a change window though.
HTH
08-18-2020 05:37 AM
Hi Rob,
Thanks, yes, I have an Active/Standby HA pair set up. I was reading one of the articles where it says a minor release doesn't impact ongoing VPNs but a major release upgrade can force phase 1 and phase 2 to renegotiate - is that correct?