Failover pair, to failover pair - unable to access standby over VPN

Unanswered Question
Jan 28th, 2009

Topology.

At the head end there is an ASA failover pair which forms an IPSEC VPN tunnel to a remote ASA failover pair. We manage the remote side by going through the VPN from the head end.

The problem is that I cannot access the standby ASA at the remote side because when my SSH or ICMP traffic gets to it, it then thinks the return route is on its outside interface, which doesn't have a tunnel to travel on, and so it uses the public internet to try to get back, which is dropped.

I can access the standby at the remote site going through the public internet, but not through the VPN tunnel.

The question is, how can I get management traffic (ICMP, SNMP, logging and SSH) to come back over the tunnel from the standby firewall at the remote site?

RicheeJJJ_2 Tue, 02/03/2009 - 14:50

The firewalls aren't in multiple context mode. They are single contexts, active-standby. And the standby can't ping anything on the other side of the tunnel.
