09-17-2019 03:54 AM - edited 09-17-2019 03:56 AM
Hi All,
We have an HA failover pair of firewalls at different data centers, with a link between them over which they form the HA pair.
Somehow we have lost management access to those firewalls now.
Can someone please advise how we can break the password with no or minimum impact to business?
Thanks,
Prasanna Desireddy
09-17-2019 04:58 AM
Is it the local password only you were using for management access? No TACACS or RADIUS or LDAP (AD) authentication?
If so you will be facing some impact to restore access.
Steps I would recommend:
1. Take the standby unit offline (disconnect data and failover interfaces). The LED on front will indicate which is standby as well as inspection of traffic flow from upstream or downstream devices.
2. Then use a console cable on it to recover the password. Procedure here:
https://community.cisco.com/t5/security-documents/asa-password-recovery/ta-p/3126046
3. Now take the active unit offline (OUTAGE begins).
4. Reintroduce the previously standby unit. It should come up active since no active mate is detected. (OUTAGE ends).
5. Confirm traffic is flowing as expected.
6. Reintroduce the previously active unit. Connect only failover cable to start. It should detect an active mate and sync config from it.
7. Connect data cabling to standby unit. Verify it is in Standby Ready state.
8. Failover (if needed) to re-establish Primary-Active and Secondary-Standby Ready.
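Steps 7 and 8 above hinge on reading the HA state correctly from `show failover` before data cabling is reconnected and before any manual failover. The following is an added example, not part of the answer or a Cisco tool: a small Python checker that parses the "This host" / "Other host" lines of `show failover` output and reports whether the mate is in Standby Ready and whether the pair has reached the Primary-Active / Secondary-Standby Ready end state. The sample output embedded below is constructed to match the usual ASA layout; it is not captured from the poster's devices.

```python
import re

# Constructed sample of ASA "show failover" output (same layout as a real ASA,
# values invented; not taken from the original thread).
SAMPLE_SHOW_FAILOVER = """\
Failover On
Failover unit Primary
Failover LAN Interface: folink GigabitEthernet0/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Version: Ours 9.8(2), Mate 9.8(2)
Last Failover at: 10:42:07 UTC Sep 17 2019
        This host: Primary - Active
                Active time: 3600 (sec)
        Other host: Secondary - Standby Ready
                Active time: 0 (sec)
"""

# A second constructed sample where the mate has not come up cleanly (step 7 would fail).
SAMPLE_NOT_READY = SAMPLE_SHOW_FAILOVER.replace(
    "Secondary - Standby Ready", "Secondary - Failed")

# Matches lines such as "This host: Primary - Active" / "Other host: Secondary - Standby Ready".
HOST_RE = re.compile(
    r"^\s*(This host|Other host):\s+(Primary|Secondary)\s+-\s+(.+?)\s*$",
    re.MULTILINE)


def parse_failover(output):
    """Return {'failover_on': bool, 'This host': (unit, state), 'Other host': (unit, state)}.

    Hosts whose line is absent (e.g. mate unreachable) simply do not appear in the dict.
    """
    result = {"failover_on": output.lstrip().startswith("Failover On")}
    for m in HOST_RE.finditer(output):
        result[m.group(1)] = (m.group(2), m.group(3))
    return result


def mate_standby_ready(output):
    """Step 7 check: the other unit must report exactly 'Standby Ready'
    before its data interfaces are cabled back in."""
    mate = parse_failover(output).get("Other host")
    return mate is not None and mate[1] == "Standby Ready"


def goal_state(output):
    """Step 8 goal: failover is on, Primary is Active and Secondary is Standby Ready.
    Works whichever unit the command was run on, since it compares the set of roles."""
    f = parse_failover(output)
    roles = {f.get("This host"), f.get("Other host")}
    return f["failover_on"] and roles == {("Primary", "Active"),
                                          ("Secondary", "Standby Ready")}


if __name__ == "__main__":
    for label, sample in (("healthy", SAMPLE_SHOW_FAILOVER), ("mate failed", SAMPLE_NOT_READY)):
        print(label, parse_failover(sample),
              "mate ready:", mate_standby_ready(sample),
              "goal state:", goal_state(sample))
```

Paste the real `show failover` output into a file and feed it to `parse_failover` instead of the constructed sample; any state other than `Standby Ready` on the mate (for example `Failed`, `Cold Standby` or `Negotiation`) means stop before step 7 and look at the failover link and configuration sync rather than reconnecting data interfaces.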