Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SSH to Failover Interface of Active/Standby ASA

 

Hi Everyone,

 

I have config ASA as Active/Standby for home lab for learning purposes.

I was trying to ssh to failover interface IP of active device but it did not work from my PC

May 30 2014 22:50:40: %ASA-6-110002: Failed to locate egress interface for TCP from inside:10.0.0.21/54702 to 10.30.30.1/22

 

pri/act/ASA1#                                                 sh failover inte$
        interface fo Vlan30
                System IP Address: 10.30.30.1 255.255.255.252
                My IP Address    : 10.30.30.1
                Other IP Address : 10.30.30.2

 

PC is behind ASA inside interface.

Need to know by design is ssh possible to failover interface IP address or not?

Regards

MAhesh

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Mahesh,Please refer to the

Mahesh,

Please refer to the configuration guide which states :

"The failover link interface is not configured as a normal networking interface; it exists for failover communication only. This interface can only be used for the failover link (and optionally also for the state link)."

So the answer is "no".

3 REPLIES

That is possible. You should

That is possible. You should be able to SSH if your active/standby firewall is in normal state. Try to generate the crypto keys again while on active/standby mode then save. If you can ping both active and standby IPs then there's very much little to troubleshoot. If you can SSH the active IP then much better. You'll figure it out. :)

Hall of Fame Super Silver

Mahesh,Please refer to the

Mahesh,

Please refer to the configuration guide which states :

"The failover link interface is not configured as a normal networking interface; it exists for failover communication only. This interface can only be used for the failover link (and optionally also for the state link)."

So the answer is "no".

New Member

 Thanks for Answering the

 

Thanks for Answering the question.

Best Regards

MAhesh

781
Views
0
Helpful
3
Replies
CreatePlease login to create content