06-23-2023 12:17 AM
Hello everybody,
our customer has an ASA5516 Active/Standby failover cluster running rel. 9.16(3)23
that is working normally.
Unfortunately it is not possible to access the inside interface (172.26.34.2)
of the standby node using SSH and ASDM. This interface can be pinged from the
management PC.
The access to the inside interface (172.26.34.1) on the active node is no problem.
3Fgw01# show failover
Failover On
Failover unit Primary
Failover LAN Interface: failover GigabitEthernet1/8 (up)
Reconnect timeout 0:00:00
Unit Poll frequency 500 milliseconds, holdtime 2 seconds
Interface Poll frequency 1 seconds, holdtime 5 seconds
Interface Policy 1
Monitored Interfaces 2 of 410 maximum
MAC Address Move Notification Interval not set
Version: Ours 9.16(3)23, Mate 9.16(3)23
Serial Number: Ours JAD20470B0Q, Mate JAD203602LZ
Last Failover at: 09:31:45 GMT Jan 17 2023
This host: Primary - Active
Active time: 13554508 (sec)
slot 1: ASA5516 hw/sw rev (3.0/9.16(3)23) status (Up Sys)
Interface 3F-WLAN (172.26.15.254): Normal (Not-Monitored)
Interface inside (172.26.34.1): Normal (Monitored) <<<=== no problem
Interface outside (193.28.163.18): Normal (Monitored)
Interface ITCS (192.168.201.11): Normal (Not-Monitored)
Interface Funk (172.26.129.253): Normal (Not-Monitored)
Interface 3F-Festnetz (172.26.128.254): Normal (Not-Monitored)
Interface BK_Office (172.22.103.250): Link Down (Not-Monitored)
Interface BK-Transfer (192.168.2.45): Normal (Not-Monitored)
Interface management (192.168.1.1): No Link (Not-Monitored)
slot 2: SFR5516 hw/sw rev (N/A/5.4.1-211) status (Up/Up)
ASA FirePOWER, 5.4.1-211, Up, (Monitored)
slot 2: SFR5516 hw/sw rev (N/A/5.4.1-211) status (Up/Up)
ASA FirePOWER, 5.4.1-211, Up, (Monitored)
Other host: Secondary - Standby Ready
Active time: 0 (sec)
slot 1: ASA5516 hw/sw rev (2.0/9.16(3)23) status (Up Sys)
Interface 3F-WLAN (0.0.0.0): Normal (Not-Monitored)
Interface inside (172.26.34.2): Normal (Monitored) <<<=== problem
Interface outside (193.28.163.19): Normal (Monitored)
Interface ITCS (0.0.0.0): Normal (Not-Monitored)
Interface Funk (0.0.0.0): Normal (Not-Monitored)
Interface 3F-Festnetz (0.0.0.0): Normal (Not-Monitored)
Interface BK_Office (0.0.0.0): Normal (Not-Monitored)
Interface BK-Transfer (0.0.0.0): Normal (Not-Monitored)
Interface management (192.168.1.2): Normal (Not-Monitored)
slot 2: SFR5516 hw/sw rev (N/A/5.4.1-211) status (Up/Up)
ASA FirePOWER, 5.4.1-211, Up, (Monitored)
slot 2: SFR5516 hw/sw rev (N/A/5.4.1-211) status (Up/Up)
ASA FirePOWER, 5.4.1-211, Up, (Monitored)
I have already rebooted the standby node, and the SSH and ASDM configuration
does not show a mistake in my eyes.
A configuration change on the active node will be synced to the mate
immediately.
The output of the command:
show crypto key mypubkey rsa
is exactly the same on both nodes.
I have serial console access to both nodes.
Attached you find the configuration of the standby unit.
What can I try to get SSH & ASDM access to the standby unit too?
Every hint is appreciated!
Thanks a lot!
Bye
R.
07-05-2023 01:01 AM
Just remember to add the PC's IP or the inside interface subnet to the allowed IPs list (ssh 172.26.34.0 255.255.248.0 inside) when testing.
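As an added example (not part of the original thread and not Cisco's code), here is a small Python check that parses the `ssh <addr> <mask> <iface>` and `http <addr> <mask> <iface>` statements from an ASA running config and reports whether a given management host, arriving on a given interface, is permitted for SSH and for ASDM (HTTPS). The config text is constructed for the example; the 172.26.34.0/255.255.248.0 subnet and the `inside` interface follow the values in the thread, while the `management` subnet and the extra `ssh` settings are hypothetical. Since the running config is replicated to the standby unit, a missing allow-list entry would normally affect both units, so this check only rules the allow-list in or out.

```python
import ipaddress

# Constructed sample config (not from the thread): the form "show run ssh" and
# "show run http" print. Subnet and interface names follow the thread's values;
# the second management subnet and the extra ssh settings are hypothetical.
SAMPLE_CONFIG = """\
ssh stricthostkeycheck
ssh 172.26.34.0 255.255.248.0 inside
ssh 192.168.1.0 255.255.255.0 management
ssh timeout 30
ssh version 2
ssh key-exchange group dh-group14-sha256
http server enable
http 172.26.34.0 255.255.248.0 inside
http 192.168.1.0 255.255.255.0 management
"""


def parse_mgmt_acl(config):
    """Collect 'ssh|http <addr> <mask> <iface>' statements.

    Returns {(proto, iface): [IPv4Network, ...]}. Other ssh/http lines
    (timeouts, version, key-exchange, 'http server enable') are skipped.
    """
    rules = {}
    for raw in config.splitlines():
        parts = raw.split()
        if len(parts) != 4 or parts[0] not in ("ssh", "http"):
            continue
        proto, addr, mask, iface = parts
        try:
            # strict=False: 172.26.34.0/255.255.248.0 has host bits set; the
            # effective network is 172.26.32.0/21, which is what gets matched.
            net = ipaddress.IPv4Network((addr, mask), strict=False)
        except ValueError:
            continue  # e.g. "ssh key-exchange group dh-group14-sha256"
        rules.setdefault((proto, iface), []).append(net)
    return rules


def is_allowed(rules, proto, iface, host):
    """True if host falls in any network permitted for proto on iface."""
    ip = ipaddress.IPv4Address(host)
    return any(ip in net for net in rules.get((proto, iface), []))


def check_host(config, host, iface):
    """Report SSH and ASDM (HTTP) admissibility of host arriving on iface."""
    rules = parse_mgmt_acl(config)
    return {proto: is_allowed(rules, proto, iface, host)
            for proto in ("ssh", "http")}


if __name__ == "__main__":
    for host, iface in [("172.26.35.77", "inside"),
                        ("172.26.40.5", "inside"),
                        ("172.26.35.77", "outside")]:
        print(host, iface, check_host(SAMPLE_CONFIG, host, iface))
```

Paste the real `show run ssh` and `show run http` output into `SAMPLE_CONFIG` and call `check_host` with the management PC's address and the interface it reaches the ASA on. A host that is allowed here but still cannot connect to the standby unit points away from the allow-list and towards something unit-specific, such as the key material or the state of the interface on that unit.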
07-17-2023 04:47 AM
Hi Marius,
I have checked that the management PC's IP address is allowed to initiate an SSH session to the ASA.
The SSH session to the active ASA is working normally, and both have the same configuration.
Any other idea?
Thanks a lot!
Bye
R.
07-17-2023 05:30 AM
Log into Standby ASA CLI and then issue the following commands:
terminal monitor
debug ssh
Then initiate an SSH session towards the standby ASA and monitor the CLI. See if any of the output might point to the issue.
07-17-2023 09:36 AM
First let's try telnet to both ASAs.
If successful,
then we try with SSH.
For SSH there is a default ASA RSA key, which I think is the issue here; you need to generate a new RSA key.