Cisco ASA: Difference between revisions
Jump to navigation
Jump to search
| Line 14: | Line 14: | ||
# <code>admin# changeto system</code> | # <code>admin# changeto system</code> | ||
# <code># failover active group 2</code> ''this fails group 2 traffic over to this firewall'' | # <code># failover active group 2</code> ''(this fails group 2 traffic over to this firewall)'' | ||
# <code># conf t</code> | # <code># conf t</code> | ||
# <code>(config)# context fw02</code> | # <code>(config)# context fw02</code> | ||
| Line 20: | Line 20: | ||
# <code>(config-ctx)# end</code> | # <code>(config-ctx)# end</code> | ||
# <code># wr mem</code> | # <code># wr mem</code> | ||
# <code># no failover active group 2</code> ''this fails group 2 contexts back to other firewall'' | # <code># no failover active group 2</code> ''(this fails group 2 contexts back to other firewall)'' | ||
=VPN= | =VPN= | ||
Latest revision as of 02:45, 12 February 2024
HA/Redundancy
Manual Failover
Manually failover a group to the peer firewall:
admin# changeto systemshow failoverfailover active group 2(this makes the currently-logged-in firewall active for group 2)
Move Context
Move context from group 2 to group 1:
Note: All groups must be on same firewall before you can move a context to another group.
admin# changeto system# failover active group 2(this fails group 2 traffic over to this firewall)# conf t(config)# context fw02(config-ctx)# join-failover-group 1(config-ctx)# end# wr mem# no failover active group 2(this fails group 2 contexts back to other firewall)
VPN
Debug
Debug Specific Peer
# debug crypto condition peer 1.1.1.1
# debug crypto ikev2 protocol 127
Stop All Debugs
# undebug all