04-01-2020 02:42 AM
Hello,
I have a Cisco ASA configuration: HA Active/Standby.
As soon as I set up standby, I lose the SSH connection. This is because the management interface is overwritten by the synchronization of the configuration with the 'Active'.
Can you help me, please?
04-01-2020 03:04 AM
As soon as you fail over to standby, you lose the SSH connection. If so, that is normal behaviour, because of the MAC addresses.
04-01-2020 03:17 AM
Hi,
Once the Active/Standby process is done, you should be able to SSH into both, assuming you generated RSA keys on both, as these are not synchronised.
In general, there is no real need to SSH into the second device; you can send commands to the standby ASA via "failover exec" commands.
Regards,
Cristian Matei.
04-01-2020 03:29 AM
As @Cristian Matei mentioned, "failover exec" is very useful.
failover exec interface GigabitEthernet0/1
failover exec active show failover
04-01-2020 03:33 AM
Thank you for the answer on the operating principle.
In fact, I would like to work in a lab so that I can fully understand how it works.
I didn't generate any RSA keys. Is there a solution without RSA?
Yours sincerely,
bcr.
04-01-2020 03:43 AM
You could be using the default RSA key in the ASA. As long as you have an ASA connection via SSH, it means you have RSA keys, either custom defined or system defined.
Please do not forget to rate the post, as it will help other engineers.
04-01-2020 11:34 AM
Hello,
Thank you for your response.
I tried using a unique RSA key on ASA1 and ASA2 and it works.
Can you tell me the source of the Cisco information on this problem?
Cordially,
bcr.
04-01-2020 03:24 AM
In Active/Standby failover, the active device uses the primary unit MAC addresses. In the event of failover, the secondary appliance becomes active and takes over the primary unit MAC addresses, whereas the active device, now standby, takes over the standby unit MAC addresses. After the standby appliance becomes active, it sends out a gratuitous ARP on the network. A gratuitous ARP is an ARP request that the appliance sends out on the Ethernet networks with the source and destination IP addresses of the active IP addresses. The destination MAC address is the Ethernet broadcast address. All devices on the Ethernet segment process this broadcast frame and update their ARP table with this information. Using gratuitous ARP, the layer 2 devices, including switches, also update the CAM table content with the MAC address and updated switch port information.
Hope this will help you understand what's happening behind the scenes.
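The gratuitous ARP behaviour described in the post above, as an added example that is not part of the original thread and is not Cisco code: it parses an ARP frame, recognises it as gratuitous, and shows a toy segment model where the ARP cache entry stays the same while the switch CAM entry moves to the new port. The MAC address, IP address, port numbers and the `Segment` class are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

BROADCAST = b"\xff" * 6
ACTIVE_MAC = bytes.fromhex("001122334455")  # constructed sample MAC
ACTIVE_IP = "192.0.2.1"                     # constructed (documentation range)

def build_garp(mac: bytes, ip: str) -> bytes:
    """Build a constructed Ethernet + ARP request with sender IP == target IP."""
    eth = BROADCAST + mac + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)  # Ethernet/IPv4, opcode 1
    packed = IPv4Address(ip).packed
    return eth + arp + mac + packed + b"\x00" * 6 + packed

def parse_arp(frame: bytes):
    """Return the ARP fields, or None if this is not an Ethernet/IPv4 ARP frame."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"dst": frame[0:6], "src": frame[6:12], "op": op,
            "sha": frame[22:28],
            "spa": str(IPv4Address(frame[28:32])),
            "tpa": str(IPv4Address(frame[38:42]))}

def is_gratuitous(arp) -> bool:
    """Broadcast ARP request whose sender and target IP are identical."""
    return (arp is not None and arp["op"] == 1
            and arp["dst"] == BROADCAST and arp["spa"] == arp["tpa"])

class Segment:
    """Toy model of one L2 segment: a host ARP cache and a switch CAM table."""
    def __init__(self):
        self.arp_cache = {}  # IP -> MAC
        self.cam = {}        # MAC -> switch port

    def receive(self, frame: bytes, port: int) -> bool:
        """Process a frame seen on `port`; return True if the source MAC moved ports."""
        arp = parse_arp(frame)
        if arp is None:
            return False
        moved = self.cam.get(arp["src"]) not in (None, port)
        self.cam[arp["src"]] = port          # switch learns/relearns the source MAC
        if is_gratuitous(arp):
            self.arp_cache[arp["spa"]] = arp["sha"]  # hosts refresh IP -> MAC
        return moved
```
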