Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
232
Views
0
Helpful
3
Replies

Cisco ASA cluster with ASDM only login on one ASA

breef0001
Level 1
Level 1

‎06-03-2015 07:26 AM - edited ‎03-11-2019 11:02 PM

After upgrading the ASA cluster of a customer to firmware 9 we can no longer log in to both units with ASDM.

It is only possible to login to one unit, the second unit does not accept any username/password combination.

The problem is not related to an ASA being the active or standby unit.

 

Labels:
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-03-2015 11:38 AM

Please provide a little more information. To start:

- What exact version of ASA software did you upgrade to?

- Are you able to login via command line on either or both units? How about console?

- What does "show failover" indicate on the unit you are able to access?

0 Helpful

breef0001
Level 1
Level 1
In response to Marvin Rhoads

‎06-17-2015 03:22 AM

Hello Marvin, thank you for your reply.

We are able to login with CLI to both units

 

The ASA's run both 9.4(1)

 

 

Result of the command: "show failover"
 
Failover On
Failover unit Primary
Failover LAN Interface: HA GigabitEthernet0/7 (up)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 516 maximum
MAC Address Move Notification Interval not set
Version: Ours 9.4(1), Mate 9.4(1)
Last Failover at: 12:02:01 CEDT May 27 2015
            This host: Primary - Active
                        Active time: 1122758 (sec)
                        slot 0: ASA5555 hw/sw rev (1.0/9.4(1)) status (Up Sys)
                          Interface DMZ (172.17.100.253): Normal (Monitored)
                          Interface LAN (172.25.100.253): Normal (Monitored)
                          Interface management (172.25.125.1): Normal (Monitored)
            Other host: Secondary - Standby Ready
                        Active time: 870868 (sec)
                        slot 0: ASA5555 hw/sw rev (1.0/9.4(1)) status (Up Sys)
                          Interface DMZ (172.17.100.254): Normal (Monitored)
                          Interface LAN (172.25.100.254): Normal (Monitored)
                          Interface management (172.25.125.2): Normal (Monitored)
 
Stateful Failover Logical Update Statistics
            Link : HA GigabitEthernet0/7 (up)
            Stateful Obj      xmit       xerr       rcv        rerr     
            General            114876795  0          42492755   157      
            sys cmd           276620     0          276617     0        
            up time             0          0          0          0        
            RPC services    0          0          0          0        
            TCP conn         55565558   0          35566814   0        
            UDP conn        58696040   0          6471610    0        
            ARP tbl            330553     0          173352     0        
            Xlate_Timeout  0          0          0          0        
            IPv6 ND tbl       0          0          0          0        
            VPN IKEv1 SA 0          0          0          0        
            VPN IKEv1 P2 0          0          0          0        
            VPN IKEv2 SA 0          0          0          0        
            VPN IKEv2 P2 0          0          0          0        
            VPN CTCP upd            0          0          0          0        
            VPN SDI upd    0          0          0          0        
            VPN DHCP upd            0          0          0          0        
            SIP Session     3893       0          2152       0        
            SIP Tx 2398       0          1341       0        
            SIP Pinhole      1718       0          868        151      
            Route Session 12         0          0          6        
            Router ID          0          0          0          0        
            User-Identity     3          0          1          0        
            CTS SGTNAME            0          0          0          0         
            CTS PAC          0          0          0          0        
            TrustSec-SXP   0          0          0          0        
            IPv6 Route       0          0          0          0        
            STS Table        0          0          0          0        
 
            Logical Update Queue Information
                                   Cur       Max      Total
            Recv Q:            0          36        42960659
            Xmit Q:            0          29        115521258
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to breef0001

‎06-17-2015 05:50 AM

That looks normal.

How are you authenticating ASDM (http) users?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card