That’s a mouthful. I’ve been having a hard time figuring out how to successfully transfer images to the Standby ASA’s flash from the Active’s CLI. Finally figured it out. Here’s the syntax:

failover exec standby copy /noconfirm tftp://{ip address}/{file name} disk0:/{file name}

Without the /noconfirm it’ll fail. You also need a standby ip address on the interface facing the tftp server and I haven’t confirmed this but I think it might also need to be on the same subnet. I’m still having some trouble with a situation where the standby ASA would have to reach another subnet.

Comments (5)

  1. nersys

    Reply

    hi,

    we use the management interface to for a link between active/standby asa. it uses a separate network. the tftp is on another subnet. i can’t even ping the tftp server. i can only ping the active interface from the standby ? did you find a solution?

  2. Mark Walters, CCIE 20571

    Reply

    Hi Guys –

    Using that syntax above you should be able to hit a TFTP/FTP server on a different subnet if your firewalls use static routes as opposed to a dynamic routing protocol like OSPF. (dynamic routing protocol info is not synched to the standby unit until code v8.4)

    And if you’re using multi-context mode, then you’ll run the commands from the ‘system’, but the ASA will actually use whichever context you’ve designated as ‘admin’ to establish the connection.

    cheers
    mark

  3. Peter Piper

    Reply

    Hi,

    Nice post. Just curious if you have had any luck in the situation where your standby unit is directly connected to the active unit via the mnmt port.

    The issue being that while the standby unit is not active – it has no IP addresses on any interfaces and is not reachable except via the active unit.

    Thanks.

Leave a comment

Your email address will not be published. Required fields are marked *