How to copy image to standby firewall (Cisco ASA)?

If you are like me and think there should be a way to copy files from the primary unit's directory over the failover/HA link, well, you’ll be disappointed!

The good news is that you can still push the command from the primary unit to the secondary by using the failover exec mate command.

While connected over SSH to the primary unit, use the following format to initiate the push from the secondary:

failover exec mate copy /noconfirm tftp://ipaddress/asaimage.bin disk0:/asaimage.bin

Please note the /noconfirm option: it is required, otherwise you’ll get a parsing error such as %Error parsing filename (No such device).

Pro tip: to ensure the integrity of the file, I would advise checking that the hash of the newly downloaded image matches the one in the Cisco website repository.

An example command for that is as follows:

asav01/pri/act# verify /md5 disk0:asa984-3-smp-k8.bin
verify /MD5 (disk0:/asa984-3-smp-k8.bin) = a8e9621798ef8255e0960bb88dd0f783

Where a8e9621798ef8255e0960bb88dd0f783 is the hash that needs to be compared against the repository.
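If you save the verify output from both units, the comparison can be scripted so that a missing or mismatched result on either unit is caught before the image is booted. The following is an added example, not part of the original post: the function names, the standby prompt and the standby transcript are constructed for illustration, and the hash from the post is assumed to be the published value.

```python
import hmac
import re

# Result line format as printed by the ASA in the post:
#   verify /MD5 (disk0:/asa984-3-smp-k8.bin) = <32 hex digits>
RESULT_RE = re.compile(
    r"^verify /MD5 \((?P<path>[^)]+)\) = (?P<digest>[0-9a-fA-F]{32})$")

FILENAME = "asa984-3-smp-k8.bin"
# Hash shown in the post; assumed here to be the value published for the image.
PUBLISHED_MD5 = "a8e9621798ef8255e0960bb88dd0f783"

# Saved session output. PRIMARY is the output shown in the post;
# STANDBY is constructed, with a digest that does not match.
PRIMARY = """asav01/pri/act# verify /md5 disk0:asa984-3-smp-k8.bin
verify /MD5 (disk0:/asa984-3-smp-k8.bin) = a8e9621798ef8255e0960bb88dd0f783
"""
STANDBY = """asav01/sec/stby# verify /md5 disk0:asa984-3-smp-k8.bin
verify /MD5 (disk0:/asa984-3-smp-k8.bin) = 0123456789abcdef0123456789abcdef
"""


def extract_md5(transcript, filename):
    """Return the MD5 the ASA reported for filename, or None if absent."""
    for line in transcript.splitlines():
        m = RESULT_RE.match(line.strip())
        if not m:
            continue
        # Accept both disk0:/name and disk0:name forms of the path.
        base = m.group("path").rsplit("/", 1)[-1].rsplit(":", 1)[-1]
        if base == filename:
            return m.group("digest").lower()
    return None


def check_units(transcripts, filename, published_md5):
    """Map each unit name to 'ok', 'mismatch' or 'missing'."""
    expected = published_md5.strip().lower()
    if not re.fullmatch(r"[0-9a-f]{32}", expected):
        raise ValueError("published value is not a 32-digit hex MD5")
    status = {}
    for unit, text in transcripts.items():
        got = extract_md5(text, filename)
        if got is None:
            status[unit] = "missing"    # verify never ran or returned an error
        else:
            same = hmac.compare_digest(got, expected)
            status[unit] = "ok" if same else "mismatch"
    return status
```

A unit reported as mismatch or missing should have the image copied and verified again before it is set as the boot image.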

That’s it.

