12-01-2008 11:30 PM
Hi after having an issue with my ASA 5520 Active/Standby i had disabled the failover on both devices.
I then re-enabled the failover by issuing the failover command on the primary device first then the failover command on the second device.
sh failover on the primary:
Failover On
Failover unit Primary
Failover LAN Interface: failover Management0/0 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 2 of 250 maximum
Version: Ours 8.0(3), Mate 8.0(3)
Last Failover at: 13:30:37 ACDT Nov 25 2008
This host: Primary - Active
Active time: 619894 (sec)
slot 0: ASA5520 hw/sw rev (2.0/8.0(3)) status (Up Sys)
Interface inside (##.##.231.000): Normal
Interface outside (##.###.##.##): Normal
Interface Liift-DMZ-E (##.##.###.###): Normal (Not-Monitored)
Interface Mesant-DMZ-E (##.##.###.###): Normal (Not-Monitored)
Interface Service-DMZ-E (##.##.###.###): Normal (Not-Monitored)
slot 1: ASA-SSM-10 hw/sw rev (1.0/6.1(1)E2) status (Up/Up)
IPS, 6.1(1)E2, Up
Other host: Secondary - Standby Ready
Active time: 0 (sec)
slot 0: ASA5520 hw/sw rev (2.0/8.0(3)) status (Up Sys)
Interface inside (##.##.231.888): Normal
Interface outside (##.###.##.##): Normal
Interface Liift-DMZ-E (##.##.###.###): Normal (Not-Monitored)
Interface Mesant-DMZ-E (##.##.###.###): Normal (Not-Monitored)
Interface Service-DMZ-E (##.##.###.###): Normal (Not-Monitored)
slot 1: ASA-SSM-10 hw/sw rev (1.0/6.1(1)E2) status (Up/Up)
IPS, 6.1(1)E2, Up
sh failover on the secondary:
sh fail
Failover On
Failover unit Secondary
Failover LAN Interface: failover Management0/0 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 2 of 250 maximum
Version: Ours 8.0(3), Mate 8.0(3)
Last Failover at: 16:21:09 ACDT Dec 2 2008
This host: Secondary - Standby Ready
Active time: 0 (sec)
slot 0: ASA5520 hw/sw rev (2.0/8.0(3)) status (Up Sys)
Interface inside (##.##.231.000): Normal (Waiting)
Interface outside (##.##.###.##): Normal (Waiting)
Interface Liift-DMZ-E (##.##.###.###): Normal (Not-Monitored)
Interface Mesant-DMZ-E (##.##.###.###): Normal (Not-Monitored)
Interface Service-DMZ-E (##.##.###.###): Normal (Not-Monitored)
slot 1: ASA-SSM-10 hw/sw rev (1.0/6.1(1)E2) status (Up/Up)
IPS, 6.1(1)E2, Up
Other host: Primary - Active
Active time: 616143 (sec)
slot 0: ASA5520 hw/sw rev (2.0/8.0(3)) status (Up Sys)
Interface inside (##.##.231.888): Normal (Waiting)
Interface outside (##.###.##.##): Normal (Waiting)
Interface Liift-DMZ-E (##.##.###.###): Normal (Not-Monitored)
Interface Mesant-DMZ-E (##.##.###.###): Normal (Not-Monitored)
Interface Service-DMZ-E (##.##.###.###): Normal (Not-Monitored)
slot 1: ASA-SSM-10 hw/sw rev (1.0/6.1(1)E2) status (Up/Up)
IPS, 6.1(1)E2, Up
so looks good.
But since i enabled failover on the secondary unit, i can no loner get SSH or ASDM connection (444) to either of these devices from my pc? i can ping directly connnected networks from both devices and can confirm interfaces are up via console. But i cant management connection to them via IP any more.
anyone ever seen this issue?
12-02-2008 08:43 AM
Hi Jason,
You said "i had disabled the failover on both devices".
->> You do not have to disable both device
->> Disable only the Active , then check again.
HTH
DAK
08-21-2009 03:35 AM
"no http server enable" and "http server enable" will solve your ASDM-problem, but you need ssh or the console to do that.
08-28-2009 07:48 AM
With the above commands should work, if that doesn't work you can try to regenerate the crypto keys and try again...
"crypto key generate rsa key"
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide