Have an interesting issue, and no "testbed" available to evaluate my options, curious if anyone has "been there, done that"...
Have a pair of ASAs running multiple contexts in active/active failover mode. They are basically multiple contexts with an "inside" and "outside" interface. The "insides" are grouped into trunks (G0/0 and G0/2), as well as the "outsides" (G0/1 and G0/3). We have load sharing by dividing the contexts across the pairs of available trunks (physical interfaces). They are further load shared by dividing the context failover groups across the two ASAs.

Due to changing usage patterns, I need to move one of the context's feeds from G0/0 over to G0/2 (as well as the outside from G0/1 to G0/3). On paper, this is just a minor change of interface descriptions and context allocations in the system context. In practice, you have to delete the old physical and virtual interface definitions and add in the new ones. When the old one is "deleted", the ASA feels the need to delete all references to that interface in all of the child contexts for you, and really spoil the party.

The "relevant" config change in the system context is from:

> admin-context admin
> context admin
> description Primary channel context
> allocate-interface GigabitEthernet0/0.48 legacy_inside visible
> allocate-interface GigabitEthernet0/1.40 legacy_outside visible
> config-url disk0:/admin.cfg
> join-failover-group 1

into

> admin-context admin
> context admin
> description Primary channel context
> allocate-interface GigabitEthernet0/2.48 legacy_inside visible
> allocate-interface GigabitEthernet0/3.40 legacy_outside visible
> config-url disk0:/admin.cfg
> join-failover-group 1

If this were IOS, I'd just copy straight to startup-config and reload, but the ASAs don't seem to want to play that game. Any suggestions, other than a big fat ugly cut-and-paste party to save and re-enter the context configurations after making this change?

Thanks,
Jeff
