cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1383
Views
5
Helpful
2
Replies
Ilia Alshaev
Beginner

ASA FO Active/Standby. Logging into Standby node with RADIUS auth.

Hi community!


Faced the issue with connecting into Standby node of FO ASA cluster. 

The problem description:

- when I try to connect via SSH to the Standby node I always getting the message "Remote side unexpectedly closed network connection";

- when I change the config line #aaa authentication ssh console Management LOCAL with #aaa authentication ssh console LOCAL and try to login with local user credentials - everything is fine. I am in.

 

With http access I getting the same trouble. Just "Login Failed" in ASDM when #aaa authentication http console Management LOCAL and otherwise when #aaa authentication http console LOCAL I successfuly getting in.

 

Then, I went to look at the RADIUS logs - there is nothing with "fails". 

There is something with authentication settings, but I can't recognize what exacltly.

1 ACCEPTED SOLUTION

Accepted Solutions
Aref Alsouqi
VIP Rising star

Looks like the standby unit is not added as a RADIUS client on the RADIUS server? When you try to ssh/https to the standby unit, the authentication requests will be sourcing from the standby unit IP address, so if the standby unit is not added as a RADIUS client, authentication will fail. If you haven't done that already, please add the standby unit as a RADIUS client on the RADIUS server and try again.

View solution in original post

2 REPLIES 2
Aref Alsouqi
VIP Rising star

Looks like the standby unit is not added as a RADIUS client on the RADIUS server? When you try to ssh/https to the standby unit, the authentication requests will be sourcing from the standby unit IP address, so if the standby unit is not added as a RADIUS client, authentication will fail. If you haven't done that already, please add the standby unit as a RADIUS client on the RADIUS server and try again.

View solution in original post

Sounds awkward, but that was the clue of the problem.

 

Thanks, Aref!