Cisco ASA 5500 Active/Standby - Zero Downtime Upgrade

The task is to upgrade two Cisco ASAs deployed in an Active/Standby configuration. Because this is a high-availability pair, the upgrade should avoid downtime.

//Back up the current configuration
active#copy run tftp


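//Upload the new software image to the active firewall.
active#copy tftp://10.20.209.x/asa916-4-smp-k8.bin disk0:/asa916-4-smp-k8.bin

//Copy the same image to the standby firewall from the active unit, or swap the console cable over to the standby and copy it there.
active#failover exec mate copy tftp://10.20.209.x/asa916-4-smp-k8.bin disk0:/asa916-4-smp-k8.bin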

On the primary firewall

//Verify the image currently set in the boot path
active#show running-config boot system

//Put the new image in the boot path and remove the old entry
active#config t

active(config)#boot system disk0:/asa916-4-smp-k8.bin
active(config)#no boot system disk0:/asa912-smp-k8.bin
active(config)#exit

active#show running-config boot system

//Save the changes
active#write mem

//Reboot the standby firewall, which should boot the new image.
active#failover reload-standby

//Verify the failover state: the standby must be back up and ready before failing over
active#show failover

//Force failover to the secondary firewall
active#no failover active

//Reboot the primary firewall (now the standby), which should boot the new image.
newstandby#reload

//When the firewall is back up, log in and restore the intended Active/Standby roles.
newstandby#failover active
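
The "show failover" check before "no failover active" is the step that protects uptime, so here is an added example (not part of the original post) that gates the forced failover on that output. The sample text is constructed, its field layout is assumed from typical ASA output, and the version string 9.1(6)4 is assumed to be what asa916-4-smp-k8.bin reports.

```python
import re

# Constructed sample of `show failover` on the active unit after
# `failover reload-standby`; layout is an assumption, not captured output.
SAMPLE = """\
Failover On
Failover unit Primary
Version: Ours 9.1(2), Mate 9.1(6)4
        This host: Primary - Active
                Active time: 86400 (sec)
        Other host: Secondary - Standby Ready
                Active time: 0 (sec)
"""

PATTERNS = {
    "failover": re.compile(r"^Failover (On|Off)\b"),
    "version": re.compile(r"^Version: Ours (\S+), Mate (\S+)"),
    "this_host": re.compile(r"^This host: (\w+) - (.+)$"),
    "other_host": re.compile(r"^Other host: (\w+) - (.+)$"),
}

def parse_show_failover(text):
    """Return {field: captured groups} for the first matching line of each kind."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        for name, pattern in PATTERNS.items():
            m = pattern.match(line)
            if m and name not in found:
                found[name] = m.groups()
    return found

def failover_blockers(text, target_version):
    """List reasons not to run `no failover active` yet; an empty list means go."""
    f = parse_show_failover(text)
    blockers = []
    if f.get("failover") != ("On",):
        blockers.append("failover is not enabled")
    if "this_host" not in f or f["this_host"][1].strip() != "Active":
        blockers.append("this unit is not the active unit")
    if "other_host" not in f or f["other_host"][1].strip() != "Standby Ready":
        blockers.append("mate is not in Standby Ready state")
    if "version" not in f or f["version"][1] != target_version:
        blockers.append("mate is not running " + target_version)
    return blockers

if __name__ == "__main__":
    print(failover_blockers(SAMPLE, "9.1(6)4") or "OK to fail over")
```

Missing or unparseable output is treated as a blocker, so a truncated capture never reads as a go.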
