FWSM management problem?

rob.hicks1 · ‎08-25-2009

Hi,

We have a pair of FWSM Modules (running 4.0.4) within a pair of VSS 6509-E. Traffic is passing OK, management is OK to the primary FWSM (i.e SSH, SNMP) but we cannot get SSH or SNMP management to the secondary FWSM. My questions is whether this is normal, or should remote access be possible - and if so are additional commands required? (fyi the firewall is pingable so routing is good)

Thanks very much

Rob

robertson.michael · ‎08-25-2009

Hi Rob,

To answer your question, no, this is not normal--you should be able to access your standby FWSM via management protocols like SSH and SNMP.

If you can access the Active unit just fine and you're able to ping the Standby unit, it sounds like your config is OK. I would start by accessing the Standby unit using the 'session slot proc 1' command at the 6509 and checking to make sure the configuration synced normally. At a minimum, you would need something similar to this:

! Applied to the appropriate firewall interface

ip address x.x.x.a 255.255.255.0 standby x.x.x.b

! Applied globally

ssh x.x.x.0 255.255.255.0

If the config looks OK, I would enable SSH debugging ('debug ssh 15') and try again to connect to the Standby unit. The debug messages that get printed to the screen may give you some insight into what is going on.

-Mike

rob.hicks1 · ‎08-25-2009

As suggested I ran a debug and got the following output :

"firewallabc(config)# Device ssh opened successfully.

SSH0: SSH client: IP = '1.2.3.4' interface # = 2

SSH: unable to retrieve default host public key. Please create a default RSA key pair before using SSH

SSH0: Session disconnected by SSH server - error 0x00 "Internal error"

I reset the RSA key and can now management the secondary FWSM via SSH

Many thanks for your help!