Re: ASA 5525 failover key failure - Page 2

netspazz · ‎05-07-2018

I have a very strange issue. I have several firewall pairs, each running active/standby. I am in the process of upgrading firmware to 9.7(1)21. Once both firewalls have been rebooted they both in the active state because they loose failover connection. What I do is "no failover key 8 ####" (### is masking the real hash number) Once the key is removed then both firewalls communicate and the standby will go into its normal standby mode. A sh failover will now show them up and communicating. If I issue the "failover key 8 ####" on the active then it is pushed over to the standby, but within a minute or so communication is stopped and the standby will go active again. The sh failover shows the other end failed. Only way to get them to communicate is without the failover key installed. This was working before the upgrade. Do I need to do something?

thanks

netspazz · ‎05-14-2018

I know that radius is not working since my keys are not working, but local login is working. What happened was that I upgraded from a 9.6 release to a 9.7 release. I now found out that pbkdf2 encryption is standard for this release. Not sure if this may be causing some issues. In short, once I upgraded I changed my user admin password, but it stopped working locally at the ssh prompt and at the terminal. I even created a new user but could not log in. I had an ssh window open so I was still logged in and able to make changes. this was very strange. I am missing something. this all started by wanting to just update my "failover key 8 <hash>" that was not working after the upgrade. I got it working by running "key config-key password-encryption <pass-phrase>", but this broke my login, it that makes sense. I opened another post enable pw not working 9.6 to 9.7 upgrade to see if I could get some insight on that problem. It seems I'm going down a rabbit hole.