03-14-2011 07:16 AM - edited 03-11-2019 01:06 PM
Hi All,
I have 2 ASA boxes in failover mode. Auth on the active works fine. I do get SSH or telnet access for the standby, but that fails.
The floating IP is mentioned in ACS.
Any suggestions?
Thanks
Ajay
03-14-2011 07:53 AM
Hi Ajay,
A couple of things you can try:
1. First make sure the AAA configuration was correctly replicated to the standby unit (check 'show run aaa' and 'show run aaa-server' to make sure the output matches on both units).
2. Try to ping the ACS server from the Standby unit. If this fails and ACS should reply to pings, troubleshoot the network to find out why communication is failing.
3. Run 'test aaa-server authentication
4. Enable 'debug aaa authentication' on the Standby unit and watch the output when you try to authenticate.
Hope that helps.
-Mike
03-14-2011 09:24 AM
If the secondary IP address isn't in ACS then ACS will not authenticate the standby unit.
Treat the standby ASA as a regular device when it comes to this since the source address will be the standby IP not the Floating IP.
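An added example, not part of the original posts: one way to check the point made in the reply above, by reading an ASA running-config, finding the interface used to reach the AAA server, and reporting any active or standby source IP that is not defined as an AAA client. The config text, the ACS client list and the function names are constructed for illustration.

```python
import re

# Constructed sample of an ASA running-config (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 ip address 203.0.113.1 255.255.255.0 standby 203.0.113.2
interface GigabitEthernet0/1
 nameif inside
 ip address 10.1.1.1 255.255.255.0 standby 10.1.1.2
interface Management0/0
 nameif mgmt
 ip address 10.9.9.1 255.255.255.0
aaa-server ACS protocol tacacs+
aaa-server ACS (inside) host 10.1.1.50
"""

# Constructed list of AAA client addresses defined on the ACS server.
SAMPLE_ACS_CLIENTS = {"10.1.1.1"}

def interface_addresses(config):
    """Map nameif -> (active_ip, standby_ip or None)."""
    result, nameif = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            nameif = None  # new interface block, name not seen yet
        elif m := re.match(r"\s+nameif (\S+)", line):
            nameif = m.group(1)
        elif (m := re.match(r"\s+ip address (\S+) \S+(?: standby (\S+))?", line)) and nameif:
            result[nameif] = (m.group(1), m.group(2))
    return result

def missing_aaa_clients(config, acs_clients):
    """Return (nameif, role, ip) for each source IP the AAA server does not know."""
    addrs = interface_addresses(config)
    # Interfaces named in 'aaa-server <group> (<nameif>) host <ip>' lines.
    names = set(re.findall(r"^aaa-server \S+ \((\S+)\) host", config, re.M))
    missing = []
    for nameif in sorted(names):
        active, standby = addrs.get(nameif, (None, None))
        for role, ip in (("active", active), ("standby", standby)):
            if ip and ip not in acs_clients:
                missing.append((nameif, role, ip))
    return missing

if __name__ == "__main__":
    for nameif, role, ip in missing_aaa_clients(SAMPLE_CONFIG, SAMPLE_ACS_CLIENTS):
        print(f"{nameif}: {role} IP {ip} is not an AAA client in ACS")
```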
02-23-2014 12:42 AM
Thanks TJ, it worked for me.