Standby ASA access

rajeshk200_2
Level 1

Hi there,

I have a pair of ASAs configured as Active/Standby. I can access the active ASA through SSH and ASDM, but not the standby ASA. What do we have to do to get access to the standby ASA?

Many thanks,

Raj

Accepted Solution

Rajesh, try telnetting to any of the interfaces of the active & standby devices. If telnet works to both the active & standby IP addresses, then it's an issue with the RSA keys.

9 Replies

Did you try connecting using the standby IP address assigned to the ASA?

Hi,

I tried with the standby ASA IP. I can ping the IP, but I am getting the message

"ssh_exchange_identification: Connection closed by remote host" when we do SSH.

I found a difference when we telnet to port 22 on the primary and secondary ASA: the primary session won't disconnect immediately, whereas the secondary ASA terminates the session immediately, as shown below.

Primary ASA response,

# telnet xxxxxx 22

Trying xxxxx...

Connected to xxxxxxxxxx.

Escape character is '^]'.

SSH-1.99-Cisco-1.25

Secondary ASA response

# telnet yyyyyyyyy 22

Trying yyyyyyyyyyy...

Connected to yyyyyyyyyy

Escape character is '^]'.

Connection closed by foreign host.

Any guess as to the reason why, as the configs on the primary and secondary ASA are the same?

Many thanks,

Rajesh

SOL10
Level 1

Hi,

If they are working in active and standby mode, then the config should copy across from the primary to the secondary.

Please post your config from the primary ASA.

Simple solution...

Configure SSH for the outside or WAN IP address on the active...

SSH to the active... Then try the standby; it should work.

Hope this helps

Why don't you do SSH instead of telnet/22 and see what's showing in the logs?

I can SSH to the primary ASA successfully and it's fine. While attempting SSH to the secondary ASA I am getting the error message below. I don't see any relevant logs on the active.

"ssh_exchange_identification: Connection closed by remote host"

Thanks,

Raj

Rajesh, try telnetting to any of the interfaces of the active & standby devices. If telnet works to both the active & standby IP addresses, then it's an issue with the RSA keys.

Telnet works fine for both the active and standby ASAs. Is it possible to clear the RSA keys for just the secondary ASA, as I have no issues with the primary one? If yes, how do we do that?

Thanks,

Rajesh

Yes, you are correct, it works after adding crypto keys on secondary ASA.

Many thanks,

Rajesh
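
The port-22 comparison from this thread, scripted as an added example (not posted by any participant): it reads the SSH identification string from each failover unit and flags the case seen here, where the standby accepts the TCP connection and closes it before sending a banner. The function names, status labels and verdict wording are assumptions of this example; the addresses are whatever you pass on the command line.

```python
import socket
import sys

def probe_ssh_banner(target, timeout=5.0):
    """Connect to (host, port) and return (status, first_line).

    status: 'banner' (SSH identification string received), 'closed' (TCP
    accepted, then closed with no data), 'silent', 'unexpected', 'unreachable'.
    """
    try:
        sock = socket.create_connection(target, timeout=timeout)
    except OSError:
        return ("unreachable", "")
    data = b""
    with sock:
        try:
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255 - len(data))
                if not chunk:          # peer closed the connection
                    break
                data += chunk
        except socket.timeout:         # connected, but nothing was sent
            return ("silent", "")
        except OSError:                # e.g. reset by peer
            return ("closed", "")
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    if not line:
        return ("closed", "")
    return ("banner" if line.startswith("SSH-") else "unexpected", line)

def compare_pair(active, standby, timeout=5.0):
    """Probe both failover units and summarise the difference."""
    a = probe_ssh_banner(active, timeout)
    s = probe_ssh_banner(standby, timeout)
    if a[0] == "banner" and s[0] == "closed":
        verdict = ("standby accepts the TCP connection but closes it before "
                   "sending an SSH banner; check its RSA key pair")
    elif a[0] == s[0] == "banner":
        verdict = "both units present an SSH banner"
    else:
        verdict = "inconclusive; check reachability and SSH access rules"
    return a, s, verdict

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: script.py <active-ip> <standby-ip>  (addresses supplied by you)
    for item in compare_pair((sys.argv[1], 22), (sys.argv[2], 22)):
        print(item)
```

Running it on a schedule against the standby address catches a unit that would be unmanageable over SSH after a failover.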
