Software code 8.0.4 for ASA 5520

Unanswered Question
Mar 9th, 2009

Hello All,


I'm fairly new to the ASA world. I have a pair of ASA 5520s in active/standby failover running version 8.0(4). I'm not sure if the issues that I'm facing are related to this software code, but here are the issues:


* CIFS access on the clientless SSL VPN (resolved by upgrading to 8.0(4)12)

* unable to SSH into the ASA when VPN in (TAC case opened)

* in the last 3 weeks the ASA has failed over to the standby unit 3 times and I did not see any kind of failure in the syslogs (working with TAC)


Please let me know if anyone has run into this issue or has any suggestions.


regards,

JORGE RODRIGUEZ Mon, 03/09/2009 - 17:41

*unable to SSH into the ASA when VPN in


Hi Troy,


You need management-access name_if


where name_if is your management interface, if you have it defined as management-only. This statement is needed to manage the ASA over IPsec connections.


Otherwise, the most commonly used is below, if no management interface is defined:


management-access inside


http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/m.html#wp1987122


*in the last 3 weeks ASA had failover to standby unit 3 times and did not see any kind of failure in the syslogs


1- There must be some type of information somewhere. Look at your firewalls' uptime, i.e. show version will provide their uptime, to rule out that the firewall had reloaded.


2- Look at your firewalls' flash disks for any crash info files, if any.


3- Look at your downstream and upstream switches' logs, as well as the switchports where the ASA 5520 interfaces connect, to rule out switchport disconnection or switch issues.


4- Observe the patterns of when the failovers occurred. Did this just happen randomly? This is to rule out any particular process that may have triggered failover. However, when the failover is issued you should have been able to get some logs from the active firewall, or at least a local console to the failed firewall to see logs.

Strange no logs )


5- Lastly, double-check that your firewalls are running the same code. Perhaps posting the failover configuration will also help to rule out a fault in the configuration.


Regards
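One way to carry out step 4 of the reply above (look for a pattern in when the failovers happened), as an added example that is not from the thread or from Cisco. It assumes a syslog export in the line layout shown in the first comment and keys on message IDs 104001/104002, the ASA failover role-change messages; the sample log, host name and function names are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Assumed layout: "Mon DD YYYY HH:MM:SS host : %ASA-sev-id: text"
LINE = re.compile(r"^(\w{3} +\d+ \d{4} \d\d:\d\d:\d\d) (\S+) : %ASA-\d-(\d{6}): (.*)$")
SWITCH_IDS = {"104001": "ACTIVE", "104002": "STANDBY"}  # failover role changes
DAYS = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")

# Constructed sample export; host, times and message text are made up.
SAMPLE = """\
Feb 17 2009 02:13:10 asa1 : %ASA-4-411002: Line protocol on Interface inside, changed state to down
Feb 17 2009 02:13:40 asa1 : %ASA-1-104002: (Primary) Switching to STANDBY - constructed cause
Feb 24 2009 02:13:30 asa1 : %ASA-4-411002: Line protocol on Interface inside, changed state to down
Feb 24 2009 02:14:02 asa1 : %ASA-1-104002: (Primary) Switching to STANDBY - constructed cause
Mar 03 2009 02:10:00 asa1 : %ASA-5-111008: User 'admin' executed the 'show version' command.
Mar 03 2009 02:14:30 asa1 : %ASA-1-104002: (Primary) Switching to STANDBY - constructed cause
"""

def parse(text):
    """Return (timestamp, host, msg_id, message) for each line in the assumed layout."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%b %d %Y %H:%M:%S")
            rows.append((ts, m.group(2), m.group(3), m.group(4)))
    return rows

def failover_report(text, window=timedelta(seconds=90)):
    """List each role change with the message IDs logged in the window before it."""
    rows = parse(text)
    report = []
    for ts, host, msg_id, _ in rows:
        if msg_id in SWITCH_IDS:
            before = [r[2] for r in rows
                      if ts - window <= r[0] < ts and r[2] not in SWITCH_IDS]
            report.append({"time": ts, "host": host,
                           "role": SWITCH_IDS[msg_id], "preceding_ids": before})
    return report

def pattern(report):
    """Summarise when role changes happen: hour of day, weekday, days between events."""
    times = sorted(e["time"] for e in report)
    return {"hours": Counter(t.hour for t in times),
            "weekdays": Counter(DAYS[t.weekday()] for t in times),
            "gap_days": [(b - a).days for a, b in zip(times, times[1:])]}

if __name__ == "__main__":
    print(pattern(failover_report(SAMPLE)))
```

Events that cluster on the same hour or weekday point at a scheduled job or upstream maintenance window rather than a random fault, and the preceding message IDs show whether an interface event was logged just before the switch.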

