12-02-2008 08:36 AM - edited 03-11-2019 07:20 AM
ver Version 8.0(3)12
ASA5510 inb active/standby configuration. Somewhere along the line I've lost telnet when failed over to the secondary unit. The firewall passes traffic and I can manage it from ASDM. Nmap shows the primary listening on port 23 but not the secondary when it has the active role. Can't think of any recent changes to the 2 interfaces configured for telnet. I did change the speed of the outside interface to auto to match the ethernet port, but telnet was not bound to e0/0 anyway. I suppose I could rebuild failover from scratch .....
12-02-2008 08:56 AM
Could you provide the logs of the time you try to telnet to the other unit?
Probably that will give you the information that you need.
12-02-2008 09:11 AM
No can do. The secondary unit isn't listening on port 23, there aren't any log entries. As a matter of fact, I can't find any log entries for telnet on the primary unit. Let me look into that some more.
12-03-2008 01:39 AM
Hi,
Are you sure that the failover is successfully being established between both of the peers (Can you please show us the result of "show failover" command)
Cheers,
12-03-2008 05:17 AM
Failover looks good, and I've lost telnet on both the active and secondary units. Btw, I want to migrate to ssh in any case, once I figure this out;
ssh 0 0 inside
crypto key gen rsa
but I get a warning message;
" you have a RSA keypair already defined named
If I overwrite this will ASDM use the new keypair?
Here's the output of sho failover;
Failover On
Failover unit Primary
Failover LAN Interface: FOVER Management0/0 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 250 maximum
Version: Ours 8.0(3)12, Mate 8.0(3)12
Last Failover at: 15:23:33 EST Dec 2 2008
This host: Primary - Active
Active time: 1013695 (sec)
slot 0: ASA5510 hw/sw rev (2.0/8.0(3)12) status (Up Sys)
Interface Outside (x.x.x.x): Normal
Interface inside (10.0.0.1): Normal
Interface Corp (192.168.128.1): Normal
slot 1: empty
Other host: Secondary - Standby Ready
Active time: 13326 (sec)
slot 0: ASA5510 hw/sw rev (2.0/8.0(3)12) status (Up Sys)
Interface Outside (x.x.x.x): Normal
Interface inside (10.0.0.8): Normal
Interface Corp (192.168.128.3): Normal
slot 1: empty
Stateful Failover Logical Update Statistics
Link : FOVER Management0/0 (up)
Stateful Obj xmit xerr rcv rerr
General 176362412 46886 1642025 0
sys cmd 136700 0 136700 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 166859940 45379 1417487 0
UDP conn 6779062 1507 55863 0
ARP tbl 2586710 0 31975 0
Xlate_Timeout 0 0 0 0
VPN IKE upd 0 0 0 0
VPN IPSEC upd 0 0 0 0
VPN CTCP upd 0 0 0 0
VPN SDI upd 0 0 0 0
VPN DHCP upd 0 0 0 0
SIP Session 0 0 0 0
Logical Update Queue Information
Cur Max Total
Recv Q: 0 25 1653884
Xmit Q: 0 27 177376268
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: