Solved: ASA FO Active/Standby. Logging into Standby node with RADIUS auth.

Ilia Alshaev · ‎10-23-2020

Hi community!

Faced the issue with connecting into Standby node of FO ASA cluster.

The problem description:

- when I try to connect via SSH to the Standby node I always getting the message "Remote side unexpectedly closed network connection";

- when I change the config line #aaa authentication ssh console Management LOCAL with #aaa authentication ssh console LOCAL and try to login with local user credentials - everything is fine. I am in.

With http access I getting the same trouble. Just "Login Failed" in ASDM when #aaa authentication http console Management LOCAL and otherwise when #aaa authentication http console LOCAL I successfuly getting in.

Then, I went to look at the RADIUS logs - there is nothing with "fails".

There is something with authentication settings, but I can't recognize what exacltly.

Aref Alsouqi · ‎10-24-2020

Looks like the standby unit is not added as a RADIUS client on the RADIUS server? When you try to ssh/https to the standby unit, the authentication requests will be sourcing from the standby unit IP address, so if the standby unit is not added as a RADIUS client, authentication will fail. If you haven't done that already, please add the standby unit as a RADIUS client on the RADIUS server and try again.

View solution in original post

Aref Alsouqi · ‎10-24-2020

Looks like the standby unit is not added as a RADIUS client on the RADIUS server? When you try to ssh/https to the standby unit, the authentication requests will be sourcing from the standby unit IP address, so if the standby unit is not added as a RADIUS client, authentication will fail. If you haven't done that already, please add the standby unit as a RADIUS client on the RADIUS server and try again.

Ilia Alshaev · ‎10-26-2020

Sounds awkward, but that was the clue of the problem.

Thanks, Aref!