Cisco ASA: Difference between revisions

From Dave-Wiki
Line 13: Line 13:
''Note: All groups must be on same firewall before you can move a context to another group.''
''Note: All groups must be on same firewall before you can move a context to another group.''


# <code>admin# changeto system</code>
admin# changeto system
# <code># failover active group 2</code> ''(this fails group 2 traffic over to this firewall)''
# failover active group 2
# <code># conf t</code>
# conf t
# <code>(config)# context fw02</code>
(config)# context fw02
# <code>(config-ctx)# join-failover-group 1</code>
(config-ctx)# join-failover-group 1
# <code>(config-ctx)# end</code>
(config-ctx)# end
# <code># wr mem</code>
# wr mem
# <code># no failover active group 2</code> ''(this fails group 2 contexts back to other firewall)''
# no failover active group 2


=VPN=
=VPN=
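Review bot: the plain-text steps lose the two inline explanations that the <code> list carried, on "failover active group 2" ("this fails group 2 traffic over to this firewall") and on "no failover active group 2" ("this fails group 2 contexts back to other firewall"). Those were the only lines telling the reader which unit holds the traffic at each point of the move, so keep them, for example as a sentence above the block or as text beside each of the two commands. The prompts are also mixed ("admin#" on the first step, a bare "#" after it); one form throughout would read more clearly.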

Revision as of 20:21, 21 January 2025

HA/Redundancy

Manual Failover

Manually fail over a group to the peer firewall:

admin# changeto system
show failover
failover active group 2

Move Context

Move context from group 2 to group 1:

Note: All groups must be on the same firewall before you can move a context to another group.

admin# changeto system
# failover active group 2
# conf t
(config)# context fw02
(config-ctx)# join-failover-group 1
(config-ctx)# end
# wr mem
# no failover active group 2

VPN

Debug

Debug Specific Peer

# debug crypto condition peer 1.1.1.1

# debug crypto ikev2 protocol 127

Stop All Debugs

# undebug all