I have a pair of 5510 with SSM-10 cards(CSC). Failover is working fine, but for some reason I cannot access the CSC web interface on the Secondary unit when it is in standby. Is this by design, or is there a problem? I need to apply some license upgrades and get it on the same version as the Primary CSC.
Thats the puzzling part, I have full IP connectivity, but if I try to access the web page via the NAT IP, it doesn't connect, but the primary one works fine. I mapped the primary IP port 8444 to the CSC IP port 8443 after trying to map the secondary IP 8443 to the CSC IP 8443 with no luck on either.
Now if I VPN in I can access the private IP of the CSC OK.
Update, I forgot to add the ACL for the interface port 8444, and I can access it now. I was using the IP of the secondary ASA port 8443 before, and I do have a permit ACL for that IP and port, but I was unable to access it with that IP. Is the fact that it is the standby IP the reason it doesn't work?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...