03-23-2023 06:12 AM - edited 03-23-2023 06:15 AM
ASA5525 HA pair: ASDM only accessible to secondary (not primary)...
Hello.
With ASDM software I am able to access the ASA pair only through the secondary device (ip address).
When I try with the primary IP address, I receive error "unable to launch device manager from !!ASA address!! 172.16.1.15" (attached below)
When I try to just use the secondary access, when I am about to save config, I receive warning that devices will no longer be in synch.
I ran pcap-- my workstation and the ASA are exchanging application packets on port 443. (attached below)
May you please assist on remediating this symptom?
Thank you.
Solved! Go to Solution.
03-23-2023 06:16 AM - edited 03-23-2023 06:17 AM
@jmaxwellUSAF is the ASDM image uploaded to the flash on primary ASA?
Confirm whether the image is in flash - show asdm image
03-23-2023 06:16 AM - edited 03-23-2023 06:17 AM
@jmaxwellUSAF is the ASDM image uploaded to the flash on primary ASA?
Confirm whether the image is in flash - show asdm image
03-23-2023 06:47 AM
Hi Rob.
The below symptom expressing devices not in sync, disturbs me.
How can I ensure this HA pair is in synch?
Thank you.
"stby(config)# asdm image disk0:/asdm-7191-90.bin
Device Manager image set, but unable to find disk0:/asdm-7191-90.bin
**** WARNING ****
Configuration Replication is NOT performed from Standby unit to Active unit.
Configurations are no longer synchronized."
03-23-2023 06:52 AM
@jmaxwellUSAF the ASDM image file must be manually copied to both peer devices, once the same image is in the same location on both ASA apply - "asdm image disk0:/asdm-7191-90.bin" on the primary firewall. You entered the command on the standby, that won't be synced to the primary.
03-23-2023 07:03 AM
Yes, I fixed that.
Am I correct in understanding that this warning was just 1-time local to that command, and everything else will continue to be synched?
Thank you.
03-23-2023 07:09 AM
@jmaxwellUSAF you'd see that command if you made any changes on the standby appliance. You should ensure you make all changes on the primary ASA only.
If you wish to test synchronisation is still working ok, make an innocuous change from the primary ASA, save the configuration and observe the configuration on the standby ASA.
03-23-2023 07:15 AM
Thank you!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide