06-18-2008 08:12 PM - edited 03-11-2019 06:01 AM
Hi!
Sorry for the simple question, but how can one remotely access the CLI for a failover unit in an ASA pair? If I SSH/Telnet into the address used, I get the primary unit...
Thanks!
06-18-2008 08:40 PM
Hi,
You must use the IP address of the interface of the standby firewall.
I hope this helps.
Best regards.
Massimiliano
06-19-2008 10:55 PM
Hi,
What interface address? The failover or state interfaces are not valid options for allowing SSH/Telnet on, and the data interfaces (inside, outside, etc...) don't have an IP address, since the unit is the standby.
I can see how a terminal server can be used to access the console port, but are there any options that don't rely on additional hardware?
Thanks!
06-19-2008 07:43 AM
You can't unless you have a terminal server that will allow you console access to the standby unit. Using the standby's IP without a TS logs you on the active unit.
06-20-2008 03:33 AM
No you can do this 'for sure'. You have to use the 'standby' IP address in order to achieve this.
interface gig 0/0
nameif inside
sec 100
ip address 192.168.1.200 255.255.255.0 standby 192.168.1.201
Host-PC> telnet 192.168.1.201
Regards
Farrukh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide