Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

scansafe on multi context ASA


We are testing out in our LAB using Scansafe on a multi context ASA Firewall running version 9.1.(4). We are seeing an issue where the proxy servers become unreachable after a very short period of time, and stays in this state forever until you remove/reapply the config.

Is this a bug in the version we are running in the LAB? Also, I noticed when using multi context, you can't specify the FQDN for the proxy server in the system context, it has to be the IP address. Is there away of specifying the FQDN?   

scansafe general-options

server primary ip port 8080

server backup ip port 8080

retry-count 5

context LAB

  member FW-LAB

  allocate-interface GigabitEthernet0/0.400

  allocate-interface GigabitEthernet0/0.444

  allocate-interface GigabitEthernet0/1

  allocate-interface Management0/0

  config-url disk0:/lab.cfg

  join-failover-group 1

  scansafe license xxxxxxxxxxxxxxxx

show scansafe server

Primary: (UNREACHABLE) for last 1 day 21 hours, tried to connect 2337 times

Backup: (UNREACHABLE) for last 1 day 21 hours, tried to connect 2916 times

Thanks in advance!


Cisco Employee

scansafe on multi context ASA

With regards to the first question relating to a possible bug with the towers becoming unreachable, I recommend opening a case with TAC as soon as posssible providing a show tech-support output also for deeper analysis on the fault conditions and possible causes.

With regards to the FQDN the syntax would be the following in the system Context amending the "xxx" with your provisoned towers for the site you are configuring.

scansafe general-options

server primary fqdn port 8080

server backup fqdn port 8080

retry-count 5

license Ne.oPiqMN56V9eiW encrypted  < - Company Licence

All Sub-Context configs would use custom group licence that you created on the online portal.

An example of my test lab whcih is working can be seen below:

admin-context admin

context admin

  description asa_admin_context

  allocate-interface GigabitEthernet0/0

  allocate-interface GigabitEthernet0/1

  config-url disk0:/admin.cfg

  scansafe license < OMITTED >encrypted <- Custom Group Licence

context labtext

  description asa_dtlab_context

  allocate-interface GigabitEthernet0/2

  allocate-interface GigabitEthernet0/3

  config-url disk0:/dtlab.cfg

  scansafe license encrypted <- Custom Group Licence

Cisco Employee

Re: scansafe on multi context ASA

CreatePlease to create content