Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Standby ASA access

HI there,

I have pair of ASA's configured as Active/Standby, I can access active ASA thro' ssh and ASDM, but not standby ASA, What we have to do to get hold of standby ASA access?

Many thanks,

Raj

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Standby ASA access

Rajesh, try telnetting to the any of the interfaces of active & standby devices , if telnet works to both active & standby ip-address then it's an issue with the rsa keys.

9 REPLIES

Re: Standby ASA access

did you try connecting using the standby ip address assigned to ASA ?

New Member

Re: Standby ASA access

Hi,

Tried with standby ASA IP , I can ping the IP , I am getting the message

"ssh_exchange_identification: Connection closed by remote host" whilst we do ssh,

I found the difference while we do telnet with port 22 on primary and secondary ASA, Primary session won't disconnect immediately where as secondaty ASA terminate the session immmediatelly as shown below.

Primary ASA response,

# telnet xxxxxx 22

Trying xxxxx...

Connected to xxxxxxxxxx.

Escape character is '^]'.

SSH-1.99-Cisco-1.25

Secondary ASA response

# telnet yyyyyyyyy 22

Trying yyyyyyyyyyy...

Connected to yyyyyyyyyy

Escape character is '^]'.

Connection closed by foreign host.

Any guess on reason why as configs on primary and secondary ASA are same?

Many thanks,

Rajesh

New Member

Re: Standby ASA access

hi,

if they are working in active and standy mode then the config should copy across from the primary to the seconday.

please post your config from the primary ASA.

Re: Standby ASA access

Simple solution...

Configure ssh for oustide or wan ip address on active...

SSH to active ... Then try standby should work

Hope this helps

Re: Standby ASA access

why don't you do ssh instead of telnet/22 and see what's showing in the logs.

New Member

Re: Standby ASA access

I can ssh primary ASA successfully and it's fine,While attempting ssh to secondary ASA I am getting error message below, I don't see any relevant logs on active.

"ssh_exchange_identification: Connection closed by remote host"

Thanks,

Raj

Re: Standby ASA access

Rajesh, try telnetting to the any of the interfaces of active & standby devices , if telnet works to both active & standby ip-address then it's an issue with the rsa keys.

New Member

Re: Standby ASA access

Telnet works fine for both active and standby ASA's, Is it possible to clear RSA keys for just secondary ASA ?,as I have no issues with primary one, If yes how do we do that?

Thanks,

Rajesh

New Member

Re: Standby ASA access

Yes, you are correct, it works after adding crypto keys on secondary ASA.

Many thanks,

Rajesh

4729
Views
10
Helpful
9
Replies
CreatePlease login to create content