Cisco ASA firewall swap

Posted 2021-01-07

Cisco ASA FW replacement Active sand Standby Mode
思科防火墙 更换

must make sure the cross connection is there.

1. must have written connection for DC to check
2. must make sure the lincense is there show verion
3. Must have a roll back plane.
4. Must communication effectively with DC guys.

show X
Show arp
show ×××-session L2l
sh run nat

Primary A
Gi1/1 to Switch
Gi1/2 to Switch
GI1/8 to Sec B Gi1/8 ( cross connect)
Secondary B

New Primay C
New Secondary D

Step 1.
Move all the connection from B to New Secondary D ( include cross connect)

Step 2.
Failover over the Active to New Secondary D ( in new D failover active)
show failvoer state
Step 3.
Move all the connection from A to new C.
Show failvoer state

Step 3.
Move the Active FW to new C. ( in C failvoer active)

show xlate
show arp
ping host to see if its live
show -session-l2l to check tunnel status.

因为跟换的时候是一台一台更换的。

导致我在更换的时候，
比如 Old Primary 和 New Sec D 的时候， 怎么也不工作， 原来他们之间的
Failover Link 没有连起来

Suppose
Old Primary Failvoer link to New Sec D Failover link.

现实连的是
New Priamary C Failover link to New Sec D failover link.

Note: cross connect = Failvoer link.

是主防火墙 和备用防火墙之间的通信连接