Cisco ASA firewall swap

Cisco ASA FW replacement Active sand Standby Mode
思科防火墻 更換

must make sure the cross connection is there.

1. must have written connection for DC to check
2. must make sure the lincense is there show verion
3. Must have a roll back plane.
4. Must communication effectively with DC guys.

show X
Show arp
show ×××-session L2l
sh run nat

Primary A
Gi1/1 to Switch
Gi1/2 to Switch
GI1/8 to Sec B Gi1/8 ( cross connect)
Secondary B

New Primay C
New Secondary D

Step 1.
Move all the connection from B to New Secondary D ( include cross connect)

Step 2.
Failover over the Active to New Secondary D ( in new D failover active)
show failvoer state
Step 3.
Move all the connection from A to new C.
Show failvoer state

Step 3.
Move the Active FW to new C. ( in C failvoer active)

show xlate
show arp
ping host to see if its live
show -session-l2l to check tunnel status.

因為跟換的時候是一臺一臺更換的。

導(dǎo)致我在更換的時候，
比如 Old Primary 和 New Sec D 的時候， 怎么也不工作， 原來他們之間的
Failover Link 沒有連起來

Suppose
Old Primary Failvoer link to New Sec D Failover link.

現(xiàn)實連的是
New Priamary C Failover link to New Sec D failover link.

Note: cross connect = Failvoer link.

是主防火墻 和備用防火墻之間的通信連接