I have a customer with a failover pair of ASAs 8.0, each with an AIP-SSM. The AIP in the secondary ASA is not accessible via its IP address, so cannot be accessed using IDM or ASDM, or ssh. It can be accessed by sessioning into the module, and it cannot ping anything outside of it. The access-list for the relavent interface on the ASA is "any any".
The secondary ASA itself is accessible with ssh and ASDM.
Nearby devices don't get an arp response for the AIP IP address. The access-list in the AIP permits the IP address we are coming from.
Any ideas why we cannot get in?
Sorry to ask basic question, but I am assuming that the secondary AIP-SSM port is cabled and connected to the right VLAN (same as what is assigned to the primary AIP-SSM vlan)?
Also, the IP Address assigned to the secondary AIP-SSM module is in the same subnet as the one assigned to the primary AIP-SSM module?
What do you see on the switchport connected to the secondary AIP-SSM module compared to the primary module?