ASA 5585 cannot connect to context active in failover group 2

John Galietta
Level 1

I am setting up a new pair of ASA 5585s in a multi-context, active/active failover design.  I cannot create a management SSH connection to the contexts that are assigned to failover group 2.  With all the security contexts that are assigned to failover group 1 I can SSH to the inside interface IP and log in without a problem.  When I try to do that to the group 2 contexts there is no response from the firewall at all; PuTTY just times out.

My firewalls are running version 8.2(4).  The contexts seem to be functioning normally in all other respects.

Thanks,

John

5 Replies

mirober2
Cisco Employee

Hi John,

Take a look at this document that provides some additional troubleshooting steps for narrowing down this type of problem:

https://supportforums.cisco.com/docs/DOC-13012#Unable_to_ssh

Hope that helps.

-Mike

Thanks for the suggestions, Mike, but I am still stumped.  I am running 8.2(4) and it is supposed to have the issues referred to in that doc fixed.  I did check the asp sockets and the firewall is listening on port 22.  I tried deleting and restoring the SSH config but that had no effect.

I am able to SSH to the standby IP address for the context, but I cannot connect to the active one.  On a capture done on the active context I do see the packets coming in from the PC to port 22 of the context IP but I am not seeing any response.

Could this be an RSA key issue between the active and standby context?

Thanks,

John
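One way to check every context's management SSH path on both units, as an added example that is not code from this thread or from Cisco: each context is probed on its active and standby inside IP, and a context whose active IP times out while the standby answers with an SSH banner (the symptom John describes) is reported. The inventory and addresses are constructed, and the inside IPs are assumed to be reachable from the probing host.

```python
"""Post-failover SSH reachability sweep for ASA security contexts.

Constructed example, not code from the thread or from Cisco: each context
is probed on its active and standby inside IP; an active IP that times out
while the standby answers with an SSH banner is the symptom described above.
"""
import socket

# Constructed inventory: context -> (failover group, active IP, standby IP).
CONTEXTS = {
    "ctx-a": (1, "192.0.2.10", "192.0.2.11"),
    "ctx-b": (2, "192.0.2.20", "192.0.2.21"),
}

def probe_ssh(host, port=22, timeout=3.0):
    """Classify one endpoint: 'banner', 'no-banner', 'refused', 'timeout'
    or 'unreachable'. SYNs seen in a capture with no reply show up as 'timeout'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = s.recv(64)
    except socket.timeout:           # SYN sent, no SYN/ACK or no banner
        return "timeout"
    except ConnectionRefusedError:   # RST: host up, nothing listening
        return "refused"
    except OSError:                  # no route / host unreachable
        return "unreachable"
    return "banner" if data.startswith(b"SSH-") else "no-banner"

def sweep(contexts=CONTEXTS, prober=probe_ssh):
    """Probe both IPs of every context; rows of (name, group, role, ip, result).
    'prober' is injectable so the sweep can be exercised offline."""
    rows = []
    for name, (group, active, standby) in sorted(contexts.items()):
        for role, ip in (("active", active), ("standby", standby)):
            rows.append((name, group, role, ip, prober(ip)))
    return rows

def suspect_contexts(rows):
    """Contexts whose active unit is silent on port 22 while the standby
    answers: that points at the active unit, not at the network path."""
    by_ctx = {}
    for name, _group, role, _ip, result in rows:
        by_ctx.setdefault(name, {})[role] = result
    return sorted(n for n, r in by_ctx.items()
                  if r.get("active") == "timeout" and r.get("standby") == "banner")

if __name__ == "__main__":
    for row in sweep():
        print("%-6s group %d %-7s %-12s %s" % row)
```

Run it once before and once after forcing the failover groups between units; a context that moves from the healthy list to the suspect list is the one to capture on.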

Hi John,

To rule that out you can just generate a new key on the problem contexts. You can use the following command:

crypto key generate rsa mod 1024

-Mike

Mike,

I tried regenerating the key with no luck, so I got fed up and just rebooted the pair of firewalls.  Lucky for me this is a new deployment and doesn't go live until this weekend!

Everything is working as expected now.  I can SSH into all the active contexts between the two firewalls and failover groups.  I am thinking that there may still be a bug with the failover.  Everything on this seemed to be working fine until after I tested the failover by forcing the groups back and forth between the two firewalls.

I wish I could find some more in-depth documentation on active/active mode and the methodology for sharing keys, etc.

The good thing in all this is that ASDM and console access was working correctly so that I could get into the various contexts.

Thanks,

John

Hi John,

Interesting. If the issue returns, please open a TAC case for this so it can be investigated. Otherwise, I would suggest trying the latest 8.2.5 image to rule out any known bugs since this isn't live yet.

-Mike
