
Software code 8.0.4 for ASA 5520

Hello All,

I'm fairly new to the ASA world. I have a pair of ASA 5520s in active/standby failover running version 8.0(4). I'm not sure if these issues that I'm facing are related to this software code, but here are the issues:

* CIFS access on the clientless SSL VPN (resolved by upgrading to 8.0(4)12).

* unable to SSH into the ASA when VPN in (TAC case opened)

* in the last 3 weeks the ASA has failed over to the standby unit 3 times, and I did not see any kind of failure in the syslogs (working with TAC)

Please let me know if anyone has run into this issue or has any suggestions.

regards,

1 REPLY

Re: Software code 8.0.4 for ASA 5520

*unable to SSH into the ASA when VPN in

Hi Troy,

You need management-access

where name_if is your management interface, if you have it defined as management-only. This statement is needed to manage the ASA over IPsec connections.

Otherwise, the most commonly used form is below, if no management interface is defined:

management-access inside

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/m.html#wp1987122

*in the last 3 weeks ASA had failover to standby unit 3 times and did not see any kind of failure in the syslogs

1- There must be some type of information somewhere. Look at your firewalls' uptime, i.e. show version will provide their uptime, to rule out that a firewall had reloaded.

2- Look at your firewalls' flash disks for any crash info files, if any.

3- Look at your downstream and upstream switches' logs, as well as the switchports where the ASA 5520 interfaces connect, to rule out switchport disconnection or switch issues.

4- Observe the patterns of when the instances of failover occurred: did this just happen randomly? This is to rule out any particular process that may have triggered failover. However, when the failover is issued you should have been able to get some logs from the active firewall, or at least a local console to the failed firewall to see logs.

Strange no logs )

5- Lastly, double check that your firewalls' running code is the same. Perhaps posting the failover configuration will also help to rule out a fault in the configuration.

Regards
