Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1573
Views
5
Helpful
4
Replies

How to prevent losing console access to Cisco ASA?

ilya.prokhorov
Level 1
Level 1

‎12-13-2020 08:30 AM

Hello!

I have configured a Active/Standby failover on Cisco ASA.

What actions should be taken to prevent the loss of the control console to the Cisco ASA in failover mode during remote configuration? How do I schedule an automatic rollback of a configuration change if access to hardware is lost?

Thanks in advance for your reply.

4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎12-13-2020 08:39 AM

that's not usually we do for rollback, that  only service affected due to change the only role back to consider.

 

still try to understand the issue here, you lost console action due that you want to roleback ?

you can do still SSH right ? to the device ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

ilya.prokhorov
Level 1
Level 1
In response to balaji.bandi

‎12-13-2020 08:46 AM

I would like to know what are the recommendations for secure remote configuration of Cisco ASA.

What should be done in order not to lose access to the equipment if an incorrect command is entered?

 

I'm going to change the Cisc ASA configuration, but I don't want to go to the server room for this.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎12-13-2020 09:03 AM

what kind of configuration we are considering to change here, most of the changes to be done in change control, you know very well about what going to break

 

if the standard change you not going to loose box access, if the topolog change then you need to have assistance if your risk think that effect whole network.

 

we do many changes every day, but we never lose to ASA for standard changes.

 

That is the reason you have role based access to who can do what changes.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

ilya.prokhorov
Level 1
Level 1
In response to balaji.bandi

‎12-13-2020 10:25 AM

Now Cisco ASA is located in the branch office and has access to the Internet only through PAT, clients have access to the Internet only via Site-to-Site ipsec through the main office.

I connected to Cisco ace through the main office via ipsec. If Site-to-Site wiil be down, I will lost connection.

 

I want to add new ISP to Cisco ASA in branch office, this will change the routing. This is a risky operation if done remotely.

If I do a remote configuration of the switch, then before a risky operation I enter the command "reboot in 5 minutes". But what about configuring the Cisco ASA failover?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card