[c-nsp] ASA cluster downgrade
Mihai Gabriel
mihaigabriel at gmail.com
Tue Jun 28 11:28:35 EDT 2016
Yes, I have both interfaces, but the sessions replication doesn't work and
the traffic is dropped if I do a failover on the standby unit because a lot
of config is missing.
A copy-paste with the 8.2 configuration is needed to restore the services.
On Tue, Jun 28, 2016 at 4:10 PM, Nick Cutting <ncutting at edgetg.com> wrote:
> Could be very tough to do without failing over, and maybe breaking the
> interfirewall comms after failover.
>
> Do you have a failover interface and a state interface? If you have both
> and you are replicating all of the sessions, the users don't usually notice
> the failover.
>
> -----Original Message-----
> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> Nick Hilliard
> Sent: Tuesday, June 28, 2016 11:07 AM
> To: Mihai Gabriel <mihaigabriel at gmail.com>
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] ASA cluster downgrade
>
> Mihai Gabriel wrote:
> > standby ASA boots with 8.2 version (and the 8.2 startup-config) and
> > starts the config replication, the configuration is messed up by the
> active unit.
> > Doing a failover to the standby unit will impact the services.
> > Is there a way to achieve this without disabling the clustering
> > feature and downgrading individually?
>
> probably not from 8.4 to 8.2, no. The NAT configuration mechanism changed
> considerably in 8.3 and 8.2 will not be able to read 8.3+ configs.
>
> Time to get out the configuration backups.
>
> Nick
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
More information about the cisco-nsp
mailing list