Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Radius auth to standby ASA in Active Active Failover

 

Hi Everyone,

When ASA is in Active/standby failover i can ssh to standby ASA using Radius.

But when ASA is in multi context mode  Active/Active failover i can not do Radius Auth to standby ASA?

Is this default behaviour?

Regards

MAhesh

  • Firewalling
8 REPLIES
VIP Green

I would not have thought this

I would not have thought this is the default behavior...but then again, I have never tested this.  If you console into the standby context issue the command show run | in aaa.  Which authentication database is indicated?

--

Please remember to select a correct answer and rate helpful posts

-- Please remember to rate and select a correct answer
New Member

 Hi Marius,both ASA active

 

Hi Marius,

both ASA active and standby in Active/active failover when i run the command

sh run | inc aaa

have same config with radius as protocol and same radius servers.

 

Regards

MAhesh

 

New Member

 Also when i run command sh

 

Also when i run command sh aaa-server on standby ASA it shows

 

Server status as Failed,Server disabled at

 

Regards

MAhesh

That is not the default

That is not the default behavior. Make sure you have all the IP's in your AAA server.
New Member

 Hi Collin,Both ASA have same

 

Hi Collin,

Both ASA have same IP's in their AAA server group.

Regards

MAhesh

Hall of Fame Super Silver

I think Collin was talking

I think Collin was talking about having the IP addresses for both the Active and Standby ASA (for each context) in your RADIUS server.

New Member

 Will check Entries of IP in

 

Will check Entries of IP in radius.

That is not the default

That is not the default behavior. Make sure you have all the IP's in your AAA server.
170
Views
0
Helpful
8
Replies