Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
471
Views
0
Helpful
2
Replies

Asa 5508-x dead primary. Need Secondary to copy config to RMA ASA

dmooreami
Level 3
Level 3

‎11-02-2022 03:09 PM

had the primary die, but secondary is up.

I am fuzzy on the trick to get the active/secondary to replicate the config over to the new "blank" rma ASA.

Best I recall is

  1. I need to copy all the interface commands over to the "new" blank asa.
  2. Something about failover commands and switch primary with sec.

then memory starts failing.

Isn't it better to make my current "secondary" the new Primary with a

failover lan unit primary

I realize there will be a short outage.

Before copy of config :

  • copy over primary IOS to rma asa
  • copy primary ASDM to rma.
  • copy anyconnect pgk files
  • copy xml files that deal with anyconnect

Next on the new blank asa,

  1. copy all interface commands
  2. change failover commands on rma  to "failover lan unit secondary"
  3. Then connect ONLY the failover interface cable only. 
  4. the new primary should copy its config over to the rma ASA.
  5. Naturally I will have to copy over all the anyconnect.pkg, and make sure the IOS and asdm are same version as my primary

Please correct me when needed.

 

 

 

 

 

0 Helpful
2 Replies 2

marce1000
VIP
VIP

‎11-03-2022 12:21 AM

 

 - Check these threads : https://community.cisco.com/t5/network-security/replacing-primary-asa-in-h-a-pair/td-p/3369761 and https://community.cisco.com/t5/network-security/asa-failover-pair-hw-replacement/td-p/1445549



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎11-03-2022 12:23 AM

Does the ASA have SFR Module (and Live ?)

easy method, New ASA RMA, prepare offline with the same code as Secondary.

Confgure only sync and Manangement

disable any monitor configured, so its not failover

connect to Management and sync link only so config will be replicated to mate.

Once Sync completed - connect other cables and check all the interface up and working, enable monitoring

test some failovers.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card