ASA Active/Standby - now can't connect to them?

Unanswered Question
Dec 1st, 2008

Hi, after having an issue with my ASA 5520 Active/Standby, I had disabled the failover on both devices.


I then re-enabled the failover by issuing the failover command on the primary device first, then the failover command on the second device.


sh failover on the primary:

Failover On

Failover unit Primary

Failover LAN Interface: failover Management0/0 (up)

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 2 of 250 maximum

Version: Ours 8.0(3), Mate 8.0(3)

Last Failover at: 13:30:37 ACDT Nov 25 2008

This host: Primary - Active

Active time: 619894 (sec)

slot 0: ASA5520 hw/sw rev (2.0/8.0(3)) status (Up Sys)

Interface inside (##.##.231.000): Normal

Interface outside (##.###.##.##): Normal

Interface Liift-DMZ-E (##.##.###.###): Normal (Not-Monitored)

Interface Mesant-DMZ-E (##.##.###.###): Normal (Not-Monitored)

Interface Service-DMZ-E (##.##.###.###): Normal (Not-Monitored)

slot 1: ASA-SSM-10 hw/sw rev (1.0/6.1(1)E2) status (Up/Up)

IPS, 6.1(1)E2, Up

Other host: Secondary - Standby Ready

Active time: 0 (sec)

slot 0: ASA5520 hw/sw rev (2.0/8.0(3)) status (Up Sys)

Interface inside (##.##.231.888): Normal

Interface outside (##.###.##.##): Normal

Interface Liift-DMZ-E (##.##.###.###): Normal (Not-Monitored)

Interface Mesant-DMZ-E (##.##.###.###): Normal (Not-Monitored)

Interface Service-DMZ-E (##.##.###.###): Normal (Not-Monitored)

slot 1: ASA-SSM-10 hw/sw rev (1.0/6.1(1)E2) status (Up/Up)

IPS, 6.1(1)E2, Up



sh failover on the secondary:

sh fail

Failover On

Failover unit Secondary

Failover LAN Interface: failover Management0/0 (up)

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 2 of 250 maximum

Version: Ours 8.0(3), Mate 8.0(3)

Last Failover at: 16:21:09 ACDT Dec 2 2008

This host: Secondary - Standby Ready

Active time: 0 (sec)

slot 0: ASA5520 hw/sw rev (2.0/8.0(3)) status (Up Sys)

Interface inside (##.##.231.000): Normal (Waiting)

Interface outside (##.##.###.##): Normal (Waiting)

Interface Liift-DMZ-E (##.##.###.###): Normal (Not-Monitored)

Interface Mesant-DMZ-E (##.##.###.###): Normal (Not-Monitored)

Interface Service-DMZ-E (##.##.###.###): Normal (Not-Monitored)

slot 1: ASA-SSM-10 hw/sw rev (1.0/6.1(1)E2) status (Up/Up)

IPS, 6.1(1)E2, Up

Other host: Primary - Active

Active time: 616143 (sec)

slot 0: ASA5520 hw/sw rev (2.0/8.0(3)) status (Up Sys)

Interface inside (##.##.231.888): Normal (Waiting)

Interface outside (##.###.##.##): Normal (Waiting)

Interface Liift-DMZ-E (##.##.###.###): Normal (Not-Monitored)

Interface Mesant-DMZ-E (##.##.###.###): Normal (Not-Monitored)

Interface Service-DMZ-E (##.##.###.###): Normal (Not-Monitored)

slot 1: ASA-SSM-10 hw/sw rev (1.0/6.1(1)E2) status (Up/Up)

IPS, 6.1(1)E2, Up



So looks good.


But since I enabled failover on the secondary unit, I can no longer get an SSH or ASDM connection (444) to either of these devices from my PC. I can ping directly connected networks from both devices and can confirm interfaces are up via console. But I can't get a management connection to them via IP any more.


Anyone ever seen this issue?

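The two `sh failover` outputs in the post above differ in one respect: the secondary lists the monitored interfaces as Normal (Waiting). As an added example (not part of the original post), this Python parser extracts each unit's role, state and per-interface status from `show failover` text and lists the monitored interfaces that are not plainly Normal; the sample text and its addresses are constructed for illustration.

```python
import re

# Constructed sample in the format of the output above; the addresses are
# documentation placeholders, not values from the thread.
SAMPLE = """\
Failover unit Secondary
Interface Poll frequency 5 seconds, holdtime 25 seconds
This host: Secondary - Standby Ready
Interface inside (192.0.2.2): Normal (Waiting)
Interface outside (198.51.100.2): Normal (Waiting)
Interface Service-DMZ-E (203.0.113.2): Normal (Not-Monitored)
Other host: Primary - Active
Interface inside (192.0.2.1): Normal (Waiting)
Interface outside (198.51.100.1): Normal
Interface Service-DMZ-E (203.0.113.1): Normal (Not-Monitored)
"""

HOST_RE = re.compile(r"^\s*(This|Other) host:\s*(\w+)\s*-\s*(.+?)\s*$")
IFACE_RE = re.compile(
    r"^\s*Interface (\S+) \(([^)]*)\):\s*(.+?)(?:\s*\(([^)]+)\))?\s*$")

def parse_show_failover(text):
    """Return {'This': {...}, 'Other': {...}} with role, state, interfaces."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = {"role": m.group(2), "state": m.group(3), "interfaces": {}}
            hosts[m.group(1)] = current
            continue
        m = IFACE_RE.match(line)
        if m and current is not None:  # skips "Interface Poll frequency ..."
            name, ip, status, qualifier = m.groups()
            current["interfaces"][name] = {
                "ip": ip, "status": status, "qualifier": qualifier}
    return hosts

def interfaces_needing_attention(hosts):
    """Monitored interfaces whose status is anything but a bare 'Normal'."""
    findings = []
    for which, host in hosts.items():
        for name, i in host["interfaces"].items():
            if i["qualifier"] == "Not-Monitored":
                continue  # not part of failover health monitoring
            if i["status"] != "Normal" or i["qualifier"]:
                findings.append(
                    (which, host["role"], name, i["status"], i["qualifier"]))
    return findings
```

Running it against the output saved from each unit shows at a glance where the two units' views of the monitored interfaces disagree.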
Davy Ad Tue, 12/02/2008 - 08:43

Hi Jason,

You said "I had disabled the failover on both devices".

->> You do not have to disable both devices

->> Disable only the Active, then check again.


HTH

DAK

its-system Fri, 08/21/2009 - 03:35

"no http server enable" and "http server enable" will solve your ASDM-problem, but you need ssh or the console to do that.

julomban Fri, 08/28/2009 - 07:48

With the above commands it should work; if that doesn't work you can try to regenerate the crypto keys and try again...


"crypto key generate rsa"
