Remotely access a failover pair?

fsmontenegro · ‎06-18-2008

Hi!

Sorry for the simple question, but how can one remotely access the CLI for a failover unit in an ASA pair? If I SSH/Telnet into the address used, I get the primary unit...

Thanks!

massimiliano.serafino · ‎06-18-2008

Hi,

You must use the IP address of the interface of the standby firewall.

I hope this helps.

Best regards.

Massimiliano

fsmontenegro · ‎06-19-2008

Hi,

What interface address? The failover or state interfaces are not valid options for allowing SSH/Telnet on, and the data interfaces (inside, outside, etc...) don't have an IP address, since the unit is the standby.

I can see how a terminal server can be used to access the console port, but are there any options that don't rely on additional hardware?

Thanks!

uchideshi · ‎06-19-2008

You can't unless you have a terminal server that will allow you console access to the standby unit. Using the standby's IP without a TS logs you on the active unit.

Farrukh Haroon · ‎06-20-2008

No you can do this 'for sure'. You have to use the 'standby' IP address in order to achieve this.

interface gig 0/0

nameif inside

sec 100

ip address 192.168.1.200 255.255.255.0 standby 192.168.1.201

Host-PC> telnet 192.168.1.201

Regards

Farrukh