My problem is as follow. I have a pare of PIX 515 firewalls (active/standby) I have also one more unit with failover-only license. I tried to exemine this unit to work it as an standby unit instead of the previous one. After configuration from the working unit had been copied to the new unit, I can't gain any remote access to this secondary firewall, local console only. Before units were changed everything was OK. Configurations at pimary unit, ex-secondary unit and active unit are the same.
Perhaps there is something in your situation that I am not yet understanding well. When you say the config was copied to the new unit, do you mean that literally the config was copied from one PIX to another PIX? That would produce duplicate IP addresses and would prevent remote access. It would also prevent remote access if the PIX to which the config was copied was connected in a subnet that did not match its IP address and mask.
If that is not the issue then perhaps you can provide a bit more detail about the situation.
No, it's not a network problem, I'm sure. New secondary unit has it's failover IP and is pinging well. Also, I noticed a message 'aaa server host machine not responding' on this new unit until I'v being connecting remotely. The aaa base is not empty, and the 'aaa authentication ssh console LOCAL' is issued, as vell as the 'ssh 255.255.255.0 inside' statement.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...