Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2320
Views
5
Helpful
2
Replies

ASA FO Active/Standby. Logging into Standby node with RADIUS auth.

Go to solution
Ilia Alshaev
Level 1
Level 1

‎10-23-2020 03:50 PM

Hi community!


Faced the issue with connecting into Standby node of FO ASA cluster. 

The problem description:

- when I try to connect via SSH to the Standby node I always getting the message "Remote side unexpectedly closed network connection";

- when I change the config line #aaa authentication ssh console Management LOCAL with #aaa authentication ssh console LOCAL and try to login with local user credentials - everything is fine. I am in.

 

With http access I getting the same trouble. Just "Login Failed" in ASDM when #aaa authentication http console Management LOCAL and otherwise when #aaa authentication http console LOCAL I successfuly getting in.

 

Then, I went to look at the RADIUS logs - there is nothing with "fails". 

There is something with authentication settings, but I can't recognize what exacltly.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Aref Alsouqi
VIP
VIP

‎10-24-2020 04:05 PM - edited ‎10-24-2020 04:08 PM

Looks like the standby unit is not added as a RADIUS client on the RADIUS server? When you try to ssh/https to the standby unit, the authentication requests will be sourcing from the standby unit IP address, so if the standby unit is not added as a RADIUS client, authentication will fail. If you haven't done that already, please add the standby unit as a RADIUS client on the RADIUS server and try again.

View solution in original post

2 Replies 2

Go to solution
Aref Alsouqi
VIP
VIP

‎10-24-2020 04:05 PM - edited ‎10-24-2020 04:08 PM

Looks like the standby unit is not added as a RADIUS client on the RADIUS server? When you try to ssh/https to the standby unit, the authentication requests will be sourcing from the standby unit IP address, so if the standby unit is not added as a RADIUS client, authentication will fail. If you haven't done that already, please add the standby unit as a RADIUS client on the RADIUS server and try again.

Go to solution
Ilia Alshaev
Level 1
Level 1
In response to Aref Alsouqi

‎10-26-2020 03:20 AM

Sounds awkward, but that was the clue of the problem.

 

Thanks, Aref!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card