Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA Active/Standby - now cant connect to them?

Hi after having an issue with my ASA 5520 Active/Standby i had disabled the failover on both devices.

I then re-enabled the failover by issuing the failover command on the primary device first then the failover command on the second device.

sh failover on the primary:

Failover On

Failover unit Primary

Failover LAN Interface: failover Management0/0 (up)

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 2 of 250 maximum

Version: Ours 8.0(3), Mate 8.0(3)

Last Failover at: 13:30:37 ACDT Nov 25 2008

This host: Primary - Active

Active time: 619894 (sec)

slot 0: ASA5520 hw/sw rev (2.0/8.0(3)) status (Up Sys)

Interface inside (##.##.231.000): Normal

Interface outside (##.###.##.##): Normal

Interface Liift-DMZ-E (##.##.###.###): Normal (Not-Monitored)

Interface Mesant-DMZ-E (##.##.###.###): Normal (Not-Monitored)

Interface Service-DMZ-E (##.##.###.###): Normal (Not-Monitored)

slot 1: ASA-SSM-10 hw/sw rev (1.0/6.1(1)E2) status (Up/Up)

IPS, 6.1(1)E2, Up

Other host: Secondary - Standby Ready

Active time: 0 (sec)

slot 0: ASA5520 hw/sw rev (2.0/8.0(3)) status (Up Sys)

Interface inside (##.##.231.888): Normal

Interface outside (##.###.##.##): Normal

Interface Liift-DMZ-E (##.##.###.###): Normal (Not-Monitored)

Interface Mesant-DMZ-E (##.##.###.###): Normal (Not-Monitored)

Interface Service-DMZ-E (##.##.###.###): Normal (Not-Monitored)

slot 1: ASA-SSM-10 hw/sw rev (1.0/6.1(1)E2) status (Up/Up)

IPS, 6.1(1)E2, Up

sh failover on the secondary:

sh fail

Failover On

Failover unit Secondary

Failover LAN Interface: failover Management0/0 (up)

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 2 of 250 maximum

Version: Ours 8.0(3), Mate 8.0(3)

Last Failover at: 16:21:09 ACDT Dec 2 2008

This host: Secondary - Standby Ready

Active time: 0 (sec)

slot 0: ASA5520 hw/sw rev (2.0/8.0(3)) status (Up Sys)

Interface inside (##.##.231.000): Normal (Waiting)

Interface outside (##.##.###.##): Normal (Waiting)

Interface Liift-DMZ-E (##.##.###.###): Normal (Not-Monitored)

Interface Mesant-DMZ-E (##.##.###.###): Normal (Not-Monitored)

Interface Service-DMZ-E (##.##.###.###): Normal (Not-Monitored)

slot 1: ASA-SSM-10 hw/sw rev (1.0/6.1(1)E2) status (Up/Up)

IPS, 6.1(1)E2, Up

Other host: Primary - Active

Active time: 616143 (sec)

slot 0: ASA5520 hw/sw rev (2.0/8.0(3)) status (Up Sys)

Interface inside (##.##.231.888): Normal (Waiting)

Interface outside (##.###.##.##): Normal (Waiting)

Interface Liift-DMZ-E (##.##.###.###): Normal (Not-Monitored)

Interface Mesant-DMZ-E (##.##.###.###): Normal (Not-Monitored)

Interface Service-DMZ-E (##.##.###.###): Normal (Not-Monitored)

slot 1: ASA-SSM-10 hw/sw rev (1.0/6.1(1)E2) status (Up/Up)

IPS, 6.1(1)E2, Up

so looks good.

But since i enabled failover on the secondary unit, i can no loner get SSH or ASDM connection (444) to either of these devices from my pc? i can ping directly connnected networks from both devices and can confirm interfaces are up via console. But i cant management connection to them via IP any more.

anyone ever seen this issue?

3 REPLIES
New Member

Re: ASA Active/Standby - now cant connect to them?

Hi Jason,

You said "i had disabled the failover on both devices".

->> You do not have to disable both device

->> Disable only the Active , then check again.

HTH

DAK

New Member

Re: ASA Active/Standby - now cant connect to them?

"no http server enable" and "http server enable" will solve your ASDM-problem, but you need ssh or the console to do that.

Bronze

Re: ASA Active/Standby - now cant connect to them?

With the above commands should work, if that doesn't work you can try to regenerate the crypto keys and try again...

"crypto key generate rsa key"

138
Views
0
Helpful
3
Replies