Force failover a Cisco ASA

networking firewall cisco cisco-asa failover
28,448

Your first option wont work because the command failover lan state primary/secondary is used only to designate which ASA will be the primary/secondary in the event that they both boot at the same time. Your second option will work though, all you should need to do it log onto the secondary device and issue:

failover active

and you should failover.

When your maintenance is complete run the same command on the other (now primary) unit and it should fail back. Hope this helps.

Share:
28,448

Related videos on Youtube

user974896
Author by

user974896

Updated on September 18, 2022

Comments

  • user974896
    user974896 over 1 year

    I have two ASA in a lan state primary\secondary configuration. None of them have "failover active" or "no failover active" in their configuration. Would it be proper to failover in a manner such as:

    Log into console of primary unit and issue "failover lan state secondary", log into the console of the original secondary unit and issue "failover lan state primary". To fail back simply reverse the process

    or

    Log into the console of the primary unit and issue "no failover active", log into the console of the original secondary unit and issue "failover active". To fail back issue "failover active" on the original primary (now secondary) unit, and "no failover active" on the now primary unit.

    I do not like the second method because it adds configuration directives that were not in place before. Will the first method work?

    • HopelessN00b
      HopelessN00b over 11 years
      Why not just set them up in a failover cluster?
    • user974896
      user974896 over 11 years
      This is how they are configured and this is how they stay. I need to fail them over temporarily.
    • Philip
      Philip over 11 years
      What are you trying to accomplish exactly?
    • user974896
      user974896 over 11 years
      I want to force failover the two ASA units. I want the primary to become the secondary standby and the secondary to become the active primary unit. I want to do some maintenance then switch them back.
    • HopelessN00b
      HopelessN00b over 11 years
      My ASAing might be a bit rusty, but if they're in a failover cluster, aren't the config changes replicated from one to t'other? So... what maintenance are you needing to do that you can't do without failing over?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Cisco ASA: Multiple static IPs on a single interface
Cisco ASA - difference between inside_access_in and inside_access_out?
Why can I not ping my host behind the firewall? Cisco asa 5505
debugging ASA firewall rules (with or without ASDM)
i cant ping to my DMZ zone from the local inside PC
Cisco ASA: How to free memory without reboot?
Changing ASA access lists on the fly
VPN: Cisco / Watchguard: IKE lost contact with remote peer
Cisco ASA Implicit rule dropping traffic
ASA 5540 Enable Password Issue