New Member

ASA Failover Pair - Access Second Unit via VPN

Hi,

We are running two failover pairs of ASA (5510, 5505) in two different locations in active/standby configurations.

Is it possible to access the inside IP of the standby unit via VPN terminated by the active unit? It's only for monitoring.

With our configuration here it is not.

Is that possible in general?

Rgds

Sebastian

Gold

Re: ASA Failover Pair - Access Second Unit via VPN

Without testing it, I can't think of a way to get around the issues with routing over to the standby ASA through the VPN tunnel directly. A better approach would be to telnet/ssh to another piece of network gear through the tunnel, and from there telnet/ssh to the standby ASA.

New Member

Re: ASA Failover Pair - Access Second Unit via VPN

Thanks for the reply.

Unfortunately the remote site is too important to require a failover and too small to require a local monitoring instance.

We will take a hop via ssh to get to the second unit or just trigger the active ASA for failover events.

New Member

Re: ASA Failover Pair - Access Second Unit via VPN

Hi Sebastian,

I know this is quite old but wondered if you received any resolution to this.  We have a failover pair and I'm trying to access the failover for monitoring, network configuration management, etc.

Thanks.

New Member

Re: ASA Failover Pair - Access Second Unit via VPN

Hi,

The customer decided to monitor only the active unit. As per "show failover" you may also monitor the second unit and its interfaces via the active unit. Please note you cannot edit the second unit's configuration (I assume you're trying to do so following your description).

There might be others with more in-depth knowledge of ASA as I'm doing UC most of my time.

Also there might be new software versions I'm not aware of. I did all my testing with version 8.0.x.

Regards

Sebastian
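
The approach described in the reply above (watching the standby unit through the active unit's "show failover" output) can be scripted. The following is an added example, not part of the original thread and not Cisco code: the sample text is constructed and abridged, and the line layout it parses ("This host:", "Other host:", "Interface name (ip): status") is an assumption about the output format that should be checked against the software version in use.

```python
import re

# Constructed, abridged sample in the assumed shape of "show failover" output
# as collected from the ACTIVE unit (addresses are documentation ranges).
SAMPLE = """\
Failover On
Failover unit Primary
        This host: Primary - Active
                Active time: 86400 (sec)
                  Interface outside (192.0.2.1): Normal
                  Interface inside (10.0.0.1): Normal
        Other host: Secondary - Standby Ready
                Active time: 0 (sec)
                  Interface outside (192.0.2.2): Normal
                  Interface inside (10.0.0.2): Failed
"""

HOST_RE = re.compile(r"^\s*(This|Other) host:\s*(\w+)\s*-\s*(.+?)\s*$")
IFACE_RE = re.compile(r"^\s*Interface (\S+) \(([^)]*)\):\s*(.+?)\s*$")

def parse_failover(text):
    """Return {'this': {...}, 'other': {...}} with role, state and interfaces."""
    units, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = {"role": m.group(2), "state": m.group(3), "interfaces": {}}
            units[m.group(1).lower()] = current
            continue
        m = IFACE_RE.match(line)
        if m and current is not None:
            current["interfaces"][m.group(1)] = (m.group(2), m.group(3))
    return units

def standby_alerts(text):
    """List problems with the peer (standby) unit as reported by the active unit."""
    peer = parse_failover(text).get("other")
    if peer is None:
        return ["no 'Other host' section found; failover may be off"]
    alerts = []
    if peer["state"] != "Standby Ready":
        alerts.append(f"peer {peer['role']} state is {peer['state']!r}")
    for name, (ip, status) in peer["interfaces"].items():
        if not status.startswith("Normal"):
            alerts.append(f"peer interface {name} ({ip}) is {status}")
    return alerts

if __name__ == "__main__":
    for alert in standby_alerts(SAMPLE):
        print(alert)
```
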

New Member

Re: ASA Failover Pair - Access Second Unit via VPN

Thank you for the reply.  I have opened a TAC case and got a reply that it is a known bug.

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCte84561


Thanks again.

New Member

ASA Failover Pair - Access Second Unit via VPN

Very Very and Very useful link.

Thanks a lot
