02-15-2017 03:09 PM - edited 03-12-2019 01:56 AM
I have a question about the ASDM. We have a primary/secondary configuration and are having a problem where we can access the ASDM via the secondary IP but not the primary. The only way to access the primary FW is to ssh from the core router. I can reach and download the ASDM via http when I use the secondary IP. However, the ASDM is unreachable using the primary IP. The webpage can't be displayed. When I go to monitor-failover, the ASDM has the correct information with the secondary IP as the standby and primary IP as the active. When I'm in the command line of the primary, the failover shows correctly also, with the secondary IP as standby and the primary as active. When I'm in the command line, the IP interfaces have the correct IP. When the ASDM is downloaded with the secondary IP I notice that the inside interface has the IP address of the primary IP. Is the ASDM supposed to show the primary IP address on the interface or should it show the secondary IP address?
02-15-2017 04:43 PM
Hi
I'm sorry but I don't get your concern.
You have an ASA active/standby environment.
You're trying to access your ASA through your internal IP. When you use the primary IP it isn't working, while when you use the secondary IP it works. Is that correct?
Could you paste your config?
Thanks
PS: Please don't forget to rate and mark as correct answer if this answered your question
02-16-2017 05:23 AM
So the firewalls are configured for fail over.
Firewall1 is primary. I can access it only through ssh from my core router. I can't access it through https to get to the ASDM.
When I'm in FW1 (.45), the IP address shows .45 as the inside interface and .166 as the management. When I do a show fail over, it shows itself as the active and FW2 (.46) as the standby.
FW2 (.46 inside and .167 management), is accessible via https to download the ASDM.
When I download the ASDM from FW2 (.46), it has .45 as the IP address on the interface. But that is FW1's IP address. When I go to fail over status, it has itself as the standby and FW1 (.45) as the active.
So the question is: is the ASDM supposed to show the primary FW's IP on the interface under device setup if the FWs are in fail over configuration? Or should it show the IP address of the FW that I'm logged into? Also, what would keep me from being able to access FW1 via https since they are both in the same IP space? They both have the aaa authentication http console LOCAL configured.
02-16-2017 06:21 AM
Hi
I don't use ASDM a lot, I prefer CLI :-)
However, it should show you the IP you're connected to.
Could you paste your ASA Primary config? There is no reason why you can't access ASDM.
Thanks