Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1296
Views
0
Helpful
3
Replies

Authentication fails on Standby ASA

ajay chauhan
Level 7
Level 7

‎03-14-2011 07:16 AM - edited ‎03-11-2019 01:06 PM

Hi All,

I have 2 ASA box in failover mode auth on active work fine ..i do get ssh or telnet access for standby but that fails.

The floting IP is mentioned in ACS.

Any suggestions.

Thanks

Ajay

Labels:
0 Helpful
3 Replies 3

mirober2
Cisco Employee
Cisco Employee

‎03-14-2011 07:53 AM

Hi Ajay,

A couple of things you can try:

1. First make sure the AAA configuration was correctly replicated to the standby unit (check 'show run aaa' and 'show run aaa-server' to make sure the output matches on both units).
2. Try to ping the ACS server from the Standby unit. If this fails and ACS should reply to pings, troubleshoot the network to find out why communication is failing.
3. Run 'test aaa-server authentication ' on the Standby unit and check what the reason for the failure is.
4. Enable 'debug aaa authentication' on the Standby unit and watch the output when you try to authenticate.

Hope that helps.

-Mike

0 Helpful

tj.mitchell
Level 4
Level 4
In response to mirober2

‎03-14-2011 09:24 AM

If the secondary IP Address isn't in ACS then ACS will not authentication the standby unit.

Treat the standby ASA as a regular device when it comes to this since the source address will be the standby IP not the Floating IP.

0 Helpful

hala samy
Level 1
Level 1
In response to mirober2

‎02-23-2014 12:42 AM

thanks TJ IT Worked for me......

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card