Cisco ASDM

corey.burden
Level 1

I have a question about the ASDM. We have a primary/secondary configuration and are having a problem where we can access the ASDM via the secondary IP but not the primary. The only way to access the primary FW is to ssh from the core router. I can download the ASDM via http when I use the secondary IP. However, the ASDM is unreachable using the primary IP. The webpage can't be displayed. When I go to monitor-failover, the ASDM has the correct information with the secondary IP as the standby and primary IP as the active. When I'm in the command line of the primary, the failover shows correct also, with the secondary IP as standby and the primary as active. When I'm in the command line, the IP interfaces have the correct IP. When the ASDM is downloaded with the secondary IP I notice that the inside interface has the IP address of the primary IP. Is the ASDM supposed to show the primary IP address on the interface or should it show the secondary IP address?

3 Replies

Francesco Molino
VIP Alumni

Hi

I'm sorry but I don't get your concern.

You have an ASA active/standby environment.

You're trying to access your ASA through your internal IP. When you use the primary IP it isn't working, while when you use the secondary IP it works. Is that correct?

Could you paste your config?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

So the firewalls are configured for fail over.

Firewall1 is primary. I can access it only through ssh from my core router. I can't access it through https to get to the ASDM.

When I'm in FW1 (.45), the IP address shows .45 as the inside interface and .166 as the management. When I do a show failover, it shows itself as the active and FW2 (.46) as the standby.

FW2 (.46 inside and .167 management) is accessible via https to download the ASDM.

When I download the ASDM from FW2 (.46), it has .45 as the IP address on the interface. But that is FW1's IP address. When I go to failover status, it has itself as the standby and FW1 (.45) as the active.

So the question is: is the ASDM supposed to show the primary FW's IP on the interface under device setup if the FWs are in failover configuration? Or should it show the IP address of the FW that I'm logged into? Also, what would keep me from being able to access FW1 via https since they are both in the same IP space? They both have the aaa authentication http console LOCAL configured.

Hi

I don't use ASDM a lot, I prefer CLI :-)

However, it should show you the IP you're connected to.

Could you paste your ASA Primary config? There is no reason why you can't access ASDM.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question