Please anyone can help regard,
I have 2 ASA 5520
one ASA 5520 working with old IOS
another ASA 5520 Standby disconnected with latest IOS.
I want to test Standby ASA working or not same as Live ASA.
Schenario. from internet>switch>ASA Live>Switch>our computer so please can we forward all traffic from Live ASA to Standby ASA to Our network connected switch without down time
As far as I know, the standby ASA will not process traffic as long as the active member is alive or has not resign.
I see three possibilities :
1) Test the new IOS in a lab. Best would be to have a spare ASA in the lab. Otherwise you could also remove the standby ASA from live network and make it active in the lab...
2) Perform a failover to the standby, verify everything is working fine then upgrade the second ASA to the same IOS version
3) Break the cluster to have the two ASA Active daisy chain them (some re-IP required). However I do not see any advantage on the proposal 2.