Solved: Multiple context mode and Active Active

mahesh18 · ‎05-03-2013

Hi Everyone,

ASA in multiple context mode works as active active mode.

ASA has 2 contexts admin and x.

We have 2 physical ASA say ASA1 and ASA2 .

Under system context we have hostname ASA

When i ssh to ASA1 it brings the ASA/admin mode.

sh failover shows

This host: Primary

When i try to login to ASA 2 it brings me to ASA/x prompt.

sh failover shows

This context: Active

Peer context: Standby Ready

Need to know is there any way that i can login to other physical ASA?

i hope my question makes sense.

Message was edited by: mahesh parmar

Jouni Forss · ‎05-03-2013

Hi Mahesh,

To it seems that you are logging to different contexts in these 2 cases.

Normally an admin always logs to the "admin" context IP address owned either by the primary IP address for the Active unit or the secondary IP address for the Standby unit.

So what I would suggest you do first is that you go to the context "admin" and issue the command "show run interface"

Then go to the context "x" and issue the command "show run interface"

Now check the IP addresses on the interfaces.

Especially the interface on the "admin" context should contain an IP address for both of the ASA units. Check the interface IP address which originally lead you to the "admin" context.

For example

ip address 10.10.10.1 255.255.255.0 standby 10.10.10.2

If the above were true you would connecto the IP address 10.10.10.1 when you wanted to connect to the Active unit and use the IP address 10.10.10.2 when you wanted to connect to the current Standby unit

- Jouni

View solution in original post

Jouni Forss · ‎05-03-2013

Also,

If you want to change how the ASA command prompt looks like to more clearly show what the status of the context/device is to which you log you can use this command

prompt hostname context state

This is configured in the System Context configuration mode/space

The default setting (if you want to change back) should be

prompt hostname context

Here is a link to ASA 8.2 Command Reference explaining this command a bit better

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/p.html#wp1921355

- Jouni

View solution in original post

Jouni Forss · ‎05-03-2013

Hi Mahesh,

To it seems that you are logging to different contexts in these 2 cases.

Normally an admin always logs to the "admin" context IP address owned either by the primary IP address for the Active unit or the secondary IP address for the Standby unit.

So what I would suggest you do first is that you go to the context "admin" and issue the command "show run interface"

Then go to the context "x" and issue the command "show run interface"

Now check the IP addresses on the interfaces.

Especially the interface on the "admin" context should contain an IP address for both of the ASA units. Check the interface IP address which originally lead you to the "admin" context.

For example

ip address 10.10.10.1 255.255.255.0 standby 10.10.10.2

If the above were true you would connecto the IP address 10.10.10.1 when you wanted to connect to the Active unit and use the IP address 10.10.10.2 when you wanted to connect to the current Standby unit

- Jouni

mahesh18 · ‎05-03-2013

Hi Jouni,

Thanks for help again.you were again spot on.

Regards

Mahesh

Jouni Forss · ‎05-03-2013

Also,

If you want to change how the ASA command prompt looks like to more clearly show what the status of the context/device is to which you log you can use this command

prompt hostname context state

This is configured in the System Context configuration mode/space

The default setting (if you want to change back) should be

prompt hostname context

Here is a link to ASA 8.2 Command Reference explaining this command a bit better

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/p.html#wp1921355

- Jouni

mahesh18 · ‎05-03-2013

Hi Jouni,

I tried and it worked.

thanks

Mahesh