Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Lost telnet to secondary ASA 5510

ver Version 8.0(3)12

ASA5510 inb active/standby configuration. Somewhere along the line I've lost telnet when failed over to the secondary unit. The firewall passes traffic and I can manage it from ASDM. Nmap shows the primary listening on port 23 but not the secondary when it has the active role. Can't think of any recent changes to the 2 interfaces configured for telnet. I did change the speed of the outside interface to auto to match the ethernet port, but telnet was not bound to e0/0 anyway. I suppose I could rebuild failover from scratch .....

4 REPLIES
Community Member

Re: Lost telnet to secondary ASA 5510

Could you provide the logs of the time you try to telnet to the other unit?

Probably that will give you the information that you need.

Community Member

Re: Lost telnet to secondary ASA 5510

No can do. The secondary unit isn't listening on port 23, there aren't any log entries. As a matter of fact, I can't find any log entries for telnet on the primary unit. Let me look into that some more.

Re: Lost telnet to secondary ASA 5510

Hi,

Are you sure that the failover is successfully being established between both of the peers (Can you please show us the result of "show failover" command)

Cheers,

Community Member

Re: Lost telnet to secondary ASA 5510

Failover looks good, and I've lost telnet on both the active and secondary units. Btw, I want to migrate to ssh in any case, once I figure this out;

ssh 0 0 inside

crypto key gen rsa

but I get a warning message;

" you have a RSA keypair already defined named "

If I overwrite this will ASDM use the new keypair?

Here's the output of sho failover;

Failover On

Failover unit Primary

Failover LAN Interface: FOVER Management0/0 (up)

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 3 of 250 maximum

Version: Ours 8.0(3)12, Mate 8.0(3)12

Last Failover at: 15:23:33 EST Dec 2 2008

This host: Primary - Active

Active time: 1013695 (sec)

slot 0: ASA5510 hw/sw rev (2.0/8.0(3)12) status (Up Sys)

Interface Outside (x.x.x.x): Normal

Interface inside (10.0.0.1): Normal

Interface Corp (192.168.128.1): Normal

slot 1: empty

Other host: Secondary - Standby Ready

Active time: 13326 (sec)

slot 0: ASA5510 hw/sw rev (2.0/8.0(3)12) status (Up Sys)

Interface Outside (x.x.x.x): Normal

Interface inside (10.0.0.8): Normal

Interface Corp (192.168.128.3): Normal

slot 1: empty

Stateful Failover Logical Update Statistics

Link : FOVER Management0/0 (up)

Stateful Obj xmit xerr rcv rerr

General 176362412 46886 1642025 0

sys cmd 136700 0 136700 0

up time 0 0 0 0

RPC services 0 0 0 0

TCP conn 166859940 45379 1417487 0

UDP conn 6779062 1507 55863 0

ARP tbl 2586710 0 31975 0

Xlate_Timeout 0 0 0 0

VPN IKE upd 0 0 0 0

VPN IPSEC upd 0 0 0 0

VPN CTCP upd 0 0 0 0

VPN SDI upd 0 0 0 0

VPN DHCP upd 0 0 0 0

SIP Session 0 0 0 0

Logical Update Queue Information

Cur Max Total

Recv Q: 0 25 1653884

Xmit Q: 0 27 177376268

260
Views
0
Helpful
4
Replies
CreatePlease to create content