Lab Minutes Forum
Technical Discussion => Security => Topic started by: czekon26 on December 08, 2016, 02:50:34 AM
-
Hello,
I have a question regarding context failover on the Asa 5525. I have 2 ASA nodes which contain 2 failover groups of different contexts. Both groups are active on one ASA node. The thing is there is too much traffic going through that ASA. I would like to move one context group and make it active on the standby ASA. Is that possible? Is this gonna cause the service interruption during the switch over? What about the established VPN sessions. Are those will drop?
Looking forward to hear some tips and advices.
-
The whole point of having two failover group usually so that you can make one group active on one ASA and the other active on another ASA. I haven't done this for a while but I believe it's just one command to switch group to another ASA. I would certainly plan for service interruption both regular traffic and VPN.
-
I done the failover with no service interruption. As this is state full failover the connections copy was on the standby FW. Users didn't report any service break. Thanks
-
Thank you for the update. Glad it went well for you.