03-17-2009 04:39 AM - edited 03-11-2019 08:06 AM
Hi there,
I have a pair of ASAs configured as Active/Standby. I can access the active ASA through SSH and ASDM, but not the standby ASA. What do we have to do to get access to the standby ASA?
Many thanks,
Raj
03-17-2009 05:25 AM
Did you try connecting using the standby IP address assigned to the ASA?
03-19-2009 06:09 AM
Hi,
Tried with the standby ASA IP. I can ping the IP; I am getting the message
"ssh_exchange_identification: Connection closed by remote host" when we do ssh.
I found a difference when we telnet to port 22 on the primary and secondary ASA: the primary session won't disconnect immediately, whereas the secondary ASA terminates the session immediately, as shown below.
Primary ASA response,
# telnet xxxxxx 22
Trying xxxxx...
Connected to xxxxxxxxxx.
Escape character is '^]'.
SSH-1.99-Cisco-1.25
Secondary ASA response
# telnet yyyyyyyyy 22
Trying yyyyyyyyyyy...
Connected to yyyyyyyyyy
Escape character is '^]'.
Connection closed by foreign host.
Any guess as to the reason why, as the configs on the primary and secondary ASA are the same?
Many thanks,
Rajesh
03-17-2009 05:26 AM
Hi,
If they are working in active and standby mode then the config should copy across from the primary to the secondary.
Please post your config from the primary ASA.
03-19-2009 06:15 AM
Simple solution...
Configure ssh for outside or WAN IP address on active...
SSH to active... then try standby, should work
Hope this helps
03-19-2009 06:30 AM
Why don't you do ssh instead of telnet/22 and see what's showing in the logs?
03-19-2009 07:31 AM
I can ssh to the primary ASA successfully and it's fine. While attempting ssh to the secondary ASA I am getting the error message below. I don't see any relevant logs on the active.
"ssh_exchange_identification: Connection closed by remote host"
Thanks,
Raj
03-19-2009 08:57 AM
Rajesh, try telnetting to any of the interfaces of the active & standby devices; if telnet works to both the active & standby IP addresses then it's an issue with the RSA keys.
03-20-2009 05:58 AM
Telnet works fine for both the active and standby ASAs. Is it possible to clear the RSA keys for just the secondary ASA, as I have no issues with the primary one? If yes, how do we do that?
Thanks,
Rajesh
03-20-2009 06:17 AM
Yes, you are correct, it works after adding crypto keys on secondary ASA.
Many thanks,
Rajesh