We have a pair of FWSM Modules (running 4.0.4) within a pair of VSS 6509-E. Traffic is passing OK, management is OK to the primary FWSM (i.e SSH, SNMP) but we cannot get SSH or SNMP management to the secondary FWSM. My questions is whether this is normal, or should remote access be possible - and if so are additional commands required? (fyi the firewall is pingable so routing is good)
Thanks very much
To answer your question, no, this is not normal--you should be able to access your standby FWSM via management protocols like SSH and SNMP.
If you can access the Active unit just fine and you're able to ping the Standby unit, it sounds like your config is OK. I would start by accessing the Standby unit using the 'session slot
! Applied to the appropriate firewall interface
ip address x.x.x.a 255.255.255.0 standby x.x.x.b
! Applied globally
ssh x.x.x.0 255.255.255.0
If the config looks OK, I would enable SSH debugging ('debug ssh 15') and try again to connect to the Standby unit. The debug messages that get printed to the screen may give you some insight into what is going on.
As suggested I ran a debug and got the following output :
"firewallabc(config)# Device ssh opened successfully.
SSH0: SSH client: IP = '184.108.40.206' interface # = 2
SSH: unable to retrieve default host public key. Please create a default RSA key pair before using SSH
SSH0: Session disconnected by SSH server - error 0x00 "Internal error"
I reset the RSA key and can now management the secondary FWSM via SSH
Many thanks for your help!