Cisco ASA firewall swap

Cisco ASA FW replacement Active sand Standby Mode
思科防火牆 更換

must make sure the cross connection is there.

1. must have written connection for DC to check
2. must make sure the lincense is there show verion
3. Must have a roll back plane.
4. Must communication effectively with DC guys.

show X
Show arp
show ×××-session L2l
sh run nat

Primary A
Gi1/1 to Switch
Gi1/2 to Switch
GI1/8 to Sec B Gi1/8 ( cross connect)
Secondary B

New Primay C
New Secondary D

Step 1.
Move all the connection from B to New Secondary D ( include cross connect)

Step 2.
Failover over the Active to New Secondary D ( in new D failover active)
show failvoer state
Step 3.
Move all the connection from A to new C.
Show failvoer state

Step 3.
Move the Active FW to new C. ( in C failvoer active)

show xlate
show arp
ping host to see if its live
show -session-l2l to check tunnel status.

由於跟換的時候是一臺一臺更換的。

致使我在更換的時候，
好比 Old Primary 和 New Sec D 的時候， 怎麼也不工做， 原來他們之間的
Failover Link 沒有連起來

Suppose
Old Primary Failvoer link to New Sec D Failover link.

現實連的是
New Priamary C Failover link to New Sec D failover link.

Note: cross connect = Failvoer link.

是主防火牆 和備用防火牆之間的通訊鏈接