topic SSH to Failover Interface of Active/Standby ASA in Network Security

SSH to Failover Interface of Active/Standby ASA

mahesh18 — Tue, 12 Mar 2019 04:16:06 GMT

Hi Everyone,

I have config ASA as Active/Standby for home lab for learning purposes.

I was trying to ssh to failover interface IP of active device but it did not work from my PC

May 30 2014 22:50:40: %ASA-6-110002: Failed to locate egress interface for TCP from inside:10.0.0.21/54702 to 10.30.30.1/22

pri/act/ASA1#                                                 sh failover inte$
        interface fo Vlan30
                System IP Address: 10.30.30.1 255.255.255.252
                My IP Address    : 10.30.30.1
                Other IP Address : 10.30.30.2

PC is behind ASA inside interface.

Need to know by design is ssh possible to failover interface IP address or not?

Regards

MAhesh

That is possible. You should

jpl861 — Sat, 31 May 2014 12:12:36 GMT

That is possible. You should be able to SSH if your active/standby firewall is in normal state. Try to generate the crypto keys again while on active/standby mode then save. If you can ping both active and standby IPs then there's very much little to troubleshoot. If you can SSH the active IP then much better. You'll figure it out. 🙂

Mahesh,Please refer to the

Marvin Rhoads — Sat, 31 May 2014 15:12:18 GMT

Mahesh,

Please refer to the configuration guide which states :

"The failover link interface is not configured as a normal networking interface; it exists for failover communication only. This interface can only be used for the failover link (and optionally also for the state link)."

So the answer is "no".

Thanks for Answering the

mahesh18 — Sat, 31 May 2014 18:26:51 GMT

Thanks for Answering the question.

Best Regards

MAhesh