Buy or Renew
Buy or Renew
Meraki Community is live! Welcome Meraki Members! Learn more here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
520
Views
0
Helpful
1
Replies

Software code 8.0.4 for ASA 5520

troyngamyunyong
Visitor

‎03-09-2009 09:01 AM - edited ‎03-11-2019 08:02 AM

Hello All,

I'm fairly new on ASA world. I have a pair of ASA 5520 active/standby failover running version 8.0(4). I'm not sure if these issues that I'm facing are related to this software code but here are the issues:

* CIFS access on the clientless SSL vpn (resolved by upgrading to 8.0(4)12.

* unable to SSH into the ASA when VPN in (TAC case opened)

* in the last 3 weeks ASA had failover to standy unit 3 times and did not see any kind of failure in the syslogs.(working with TAC)

Please let me know if anyone run into this issue or have any suggestions.

regards,

Labels:
0 Helpful
1 Reply 1

JORGE RODRIGUEZ
Level 11
Level 11

‎03-09-2009 05:41 PM

*unable to SSH into the ASA when VPN in

Hi Troy,

You need management-access

where name_if is your management interface if you have it defined as management-only , this statement is needed to manage asa over Ipsec connections.

otherwise most commonly used bellow if no management interface is defined :

management-access inside

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/m.html#wp1987122

*in the last 3 weeks ASA had failover to standy unit 3 times and did not see any kind of failure in the syslogs

1-there must be some type of information somewhere, look ay your firewalls uptime e.i show version will provide their uptime to rule firewall had reload..

2- look at your firewalls flash disks for any carsh info files if any

3- Look at your down stream and up stream switches logs itself as well as switchport where asa5520 interfaces connect to rule out switchport disconnection or switch issues..

4- Observe the patterns when the instances of failover had occured that this just happened ramdomly? to rule out any particular process that may triggered failover, however, when the failover is issued you should have been able to get some logs from the active firewall. or at least local console to the failed firewall to see logs

Strange no logs )

5- Lastly double check your firewalls running code that are the same , perhaps posting the failover configuration will also help to rule out fault in the configuration.

Regards

Jorge Rodriguez
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card