Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
658
Views
3
Helpful
6
Replies

ASA5525 HA pair: ASDM only accessible to secondary (not primary)?

Go to solution
jmaxwellUSAF
VIP
VIP

‎03-23-2023 06:12 AM - edited ‎03-23-2023 06:15 AM

ASA5525 HA pair: ASDM only accessible to secondary (not primary)...

Hello.

With ASDM software I am able to access the ASA pair only through the secondary device (ip address). 

When I try with the primary IP address, I receive error "unable to launch device manager from !!ASA address!! 172.16.1.15" (attached below)

When I try to just use the secondary access, when I am about to save config, I receive warning that devices will no longer be in synch.

I ran pcap-- my workstation and the ASA are exchanging application packets on port 443. (attached below)

May you please assist on remediating this symptom?

Thank you.

Preview file
188 KB
Preview file
28 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎03-23-2023 06:16 AM - edited ‎03-23-2023 06:17 AM

@jmaxwellUSAF is the ASDM image uploaded to the flash on primary ASA?

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-device-manager/110282-asdm-tshoot.html

Confirm whether the image is in flash - show asdm image

 

View solution in original post

6 Replies 6

Go to solution
Rob Ingram
VIP
VIP

‎03-23-2023 06:16 AM - edited ‎03-23-2023 06:17 AM

@jmaxwellUSAF is the ASDM image uploaded to the flash on primary ASA?

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-device-manager/110282-asdm-tshoot.html

Confirm whether the image is in flash - show asdm image

 

Go to solution
jmaxwellUSAF
VIP
VIP
In response to Rob Ingram

‎03-23-2023 06:47 AM

Hi Rob.

The below symptom expressing devices not in sync, disturbs me. 

How can I ensure this HA pair is in synch?

Thank you.

"stby(config)# asdm image disk0:/asdm-7191-90.bin
Device Manager image set, but unable to find disk0:/asdm-7191-90.bin
**** WARNING ****
Configuration Replication is NOT performed from Standby unit to Active unit.
Configurations are no longer synchronized."

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to jmaxwellUSAF

‎03-23-2023 06:52 AM

@jmaxwellUSAF the ASDM image file must be manually copied to both peer devices, once the same image is in the same location on both ASA apply - "asdm image disk0:/asdm-7191-90.bin" on the primary firewall. You entered the command on the standby, that won't be synced to the primary.

Go to solution
jmaxwellUSAF
VIP
VIP
In response to Rob Ingram

‎03-23-2023 07:03 AM

Yes, I fixed that.

Am I correct in understanding that this warning was just 1-time local to that command, and everything else will continue to be synched?

Thank you.

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to jmaxwellUSAF

‎03-23-2023 07:09 AM

@jmaxwellUSAF you'd see that command if you made any changes on the standby appliance. You should ensure you make all changes on the primary ASA only.

If you wish to test synchronisation is still working ok, make an innocuous change from the primary ASA, save the configuration and observe the configuration on the standby ASA.

Go to solution
jmaxwellUSAF
VIP
VIP
In response to Rob Ingram

‎03-23-2023 07:15 AM

Thank you!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card