cisco ASA/PIX failover and VPN, failover IP access problem|
|
|
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
|||||||
|
Posted by Pit on August 27, 2008, 11:34 am
Please log in for more thread options
Hi, I have a problem and I'd like to ask for some assistance. * Site B - failover - works fine I configured two ASAs 5550 for failover with following schematic setup: interface outside ip address 1.1.1.1 255.255.255.0 standby 1.1.1.2 interface inside ip address 10.10.10.1 255.255.255.0 standby 10.10.10.2 I configured stateful failover - it all works fine * Side A and Side B - VPN - works fine Now I configured - VPN between site A - 1.1.1.1 and site B 2.2.2.2 - I can communicate my management inside network 192.168.1.0/24 on site B - VPN works fine I can access (and manage via snmp, ssh) IP 10.10.10.1 (active standby) from 192.168.1.0/24 as well as any other machines on 10.10.10.0/24 layer. * The problem - access to standby inside IP from management network I cannot access standby inside IP - 10.10.10.2 from 192.168.1.0/24 (via VPN) Standby device maintains VPN SA and tcp states tables. When I think about this it makes sense - standby is standby and it is supposed to work in case of active failure, so when I try to access intside IP of standby device it tries to send traffic back via VPN which is working only on active device. My question is - is there any way to manage standby device via inside IP (via VPN), or the only way is to use outside IP? thanks in advance Piotr | |||||||
|
Home Cabling GuideFinally, an instantly downloadable book that saves you thousands in home improvement dollars! Enjoy living in 21st century technology-advanced home while increasing its selling value and competitive advantage on the real estate market. Whether your cabling is for home office or high-tech leisure, you can wire your home yourself or learn "wirish" to speak with your cabling contractors in their language! Learn More |