Cisco ASA

From Dave-Wiki
Revision as of 02:44, 12 February 2024 by Dave

HA/Redundancy

Manual Failover

Manually fail over a group to the peer firewall:

  1. admin# changeto system
  2. show failover
  3. failover active group 2 (this makes the currently-logged-in firewall active for group 2)

Move Context

Move context from group 2 to group 1:

Note: All groups must be on the same firewall before you can move a context to another group.

admin# changeto system

# failover active group 2 (this fails group 2 traffic over to this firewall)

# conf t

(config)# context fw02

(config-ctx)# join-failover-group 1

(config-ctx)# end

# wr mem

# no failover active group 2 (this fails group 2 contexts back to the other firewall)

VPN

Debug

Debug Specific Peer

# debug crypto condition peer 1.1.1.1

# debug crypto ikev2 protocol 127

Stop All Debugs

# undebug all