Cisco ASA Series Cli Configuration Manual page 352
Software version 9.0 for the services module
Hide thumbs
Also See for ASA Series:
- Configuration manual (429 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Auto Update Server Support in Failover Configurations
If neither of the above options are possible, then you can use one of the following less desirable
workarounds that impacts failover functionality or STP stability:
•
•
•
Auto Update Server Support in Failover Configurations
You can use the Auto Update Server to deploy software images and configuration files to ASAs in an
Active/Standby failover configuration. To enable Auto Update on an Active/Standby failover
configuration, enter the Auto Update Server configuration on the primary unit in the failover pair. See
the
The following restrictions and behaviors apply to Auto Update Server support in failover configurations:
•
•
•
•
•
•
•
Auto Update Process Overview
The following is an overview of the Auto Update process in failover configurations. This process
assumes that failover is enabled and operational. The Auto Update process cannot occur if the units are
synchronizing configurations, if the standby unit is in the failed state for any reason other than SSM card
failure, or if the failover link is down.
1.
2.
3.
4.
Cisco ASA Series CLI Configuration Guide
1-16
Blocking BPDUs disables STP on the switch. Be sure not to have any loops involving the ASA in
your network layout.
Disable failover interface monitoring.
Increase failover interface holdtime to a high value that will allow STP to converge before the ASAs
fail over.
Decrease STP timers to allow STP to converge faster than the failover interface holdtime.
"Configuring Auto Update" section on page
Only single mode, Active/Standby configurations are supported.
When loading a new platform software image, the failover pair stops passing traffic.
When using LAN-based failover, new configurations must not change the failover link
configuration. If they do, communication between the units will fail.
Only the primary unit will perform the call home to the Auto Update Server. The primary unit must
be in the active state to call home. If it is not, the ASA automatically fails over to the primary unit.
Only the primary unit downloads the software image or configuration file. The software image or
configuration is then copied to the secondary unit.
The interface MAC address and hardware-serial ID is from the primary unit.
The configuration file stored on the Auto Update Server or HTTP server is for the primary unit only.
Both units exchange the platform and ASDM software checksum and version information.
The primary unit contacts the Auto Update Server. If the primary unit is not in the active state, the
ASA first fails over to the primary unit and then contacts the Auto Update Server.
The Auto Update Server replies with software checksum and URL information.
If the primary unit determines that the platform image file needs to be updated for either the active
or standby unit, the following occurs:
a.
The primary unit retrieves the appropriate files from the HTTP server using the URL from the
Auto Update Server.
b.
The primary unit copies the image to the standby unit and then updates the image on itself.
Chapter 1
1-26, for more information.
Information About Failover
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
