[c-nsp] ASA cluster downgrade
Nick Cutting
ncutting at edgetg.com
Tue Jun 28 11:10:18 EDT 2016
Could be very tough to do without failing over, and maybe breaking the interfirewall comms after failover.
Do you have a failover interface and a state interface? If you have both and you are replicating all of the sessions, the users don't usually notice the failover.
-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Nick Hilliard
Sent: Tuesday, June 28, 2016 11:07 AM
To: Mihai Gabriel <mihaigabriel at gmail.com>
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] ASA cluster downgrade
Mihai Gabriel wrote:
> standby ASA boots with 8.2 version (and the 8.2 startup-config) and
> starts the config replication, the configuration is messed up by the active unit.
> Doing a failover to the standby unit will impact the services.
> Is there a way to achieve this without disabling the clustering
> feature and downgrading individually?
probably not from 8.4 to 8.2, no. The NAT configuration mechanism changed considerably in 8.3 and 8.2 will not be able to read 8.3+ configs.
Time to get out the configuration backups.
Nick
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list