Remotely access a failover pair?

Unanswered Question
Jun 18th, 2008


Sorry for the simple question, but how can one remotely access the CLI for a failover unit in an ASA pair? If I SSH/Telnet into the address used, I get the primary unit...


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading. Wed, 06/18/2008 - 20:40


You must use the IP address of the interface of the standby firewall.

I hope this helps.

Best regards.


fsmontenegro Thu, 06/19/2008 - 22:55


What interface address? The failover or state interfaces are not valid options for allowing SSH/Telnet on, and the data interfaces (inside, outside, etc...) don't have an IP address, since the unit is the standby.

I can see how a terminal server can be used to access the console port, but are there any options that don't rely on additional hardware?


uchideshi Thu, 06/19/2008 - 07:43

You can't unless you have a terminal server that will allow you console access to the standby unit. Using the standby's IP without a TS logs you on the active unit.

Farrukh Haroon Fri, 06/20/2008 - 03:33

No you can do this 'for sure'. You have to use the 'standby' IP address in order to achieve this.

interface gig 0/0

nameif inside

sec 100

ip address standby

Host-PC> telnet




This Discussion