Solved: SSH to Failover Interface of Active/Standby ASA

mahesh18 · ‎05-30-2014

Hi Everyone,

I have config ASA as Active/Standby for home lab for learning purposes.

I was trying to ssh to failover interface IP of active device but it did not work from my PC

May 30 2014 22:50:40: %ASA-6-110002: Failed to locate egress interface for TCP from inside:10.0.0.21/54702 to 10.30.30.1/22

pri/act/ASA1#                                                 sh failover inte$
        interface fo Vlan30
                System IP Address: 10.30.30.1 255.255.255.252
                My IP Address    : 10.30.30.1
                Other IP Address : 10.30.30.2

PC is behind ASA inside interface.

Need to know by design is ssh possible to failover interface IP address or not?

Regards

MAhesh

Marvin Rhoads · ‎05-31-2014

Mahesh,

Please refer to the configuration guide which states :

"The failover link interface is not configured as a normal networking interface; it exists for failover communication only. This interface can only be used for the failover link (and optionally also for the state link)."

So the answer is "no".

View solution in original post

jpl861 · ‎05-31-2014

That is possible. You should be able to SSH if your active/standby firewall is in normal state. Try to generate the crypto keys again while on active/standby mode then save. If you can ping both active and standby IPs then there's very much little to troubleshoot. If you can SSH the active IP then much better. You'll figure it out. :)

Marvin Rhoads · ‎05-31-2014

Mahesh,

Please refer to the configuration guide which states :

"The failover link interface is not configured as a normal networking interface; it exists for failover communication only. This interface can only be used for the failover link (and optionally also for the state link)."

So the answer is "no".

mahesh18 · ‎05-31-2014

Thanks for Answering the question.

Best Regards

MAhesh