Cisco Systems cisco ASA/PIX failover and VPN, failover IP access problem
Bookmark this page:  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
cisco ASA/PIX failover and VPN, failover IP access problem Pit 08-27-08
Posted by Pit on August 27, 2008, 11:34 am
Please log in for more thread options


Hi,

I have a problem and I'd like to ask for some assistance.

* Site B - failover - works fine
I configured two ASAs 5550 for failover with following schematic
setup:

interface outside
 ip address 1.1.1.1 255.255.255.0 standby 1.1.1.2
interface inside
 ip address 10.10.10.1 255.255.255.0 standby 10.10.10.2
I configured stateful failover - it all works fine

* Side A and Side B - VPN - works fine
Now I configured
- VPN between site A - 1.1.1.1 and site B 2.2.2.2
- I can communicate my management inside network 192.168.1.0/24 on
site B
- VPN works fine I can access (and manage via snmp, ssh) IP 10.10.10.1
(active standby) from 192.168.1.0/24 as well as any other machines on
10.10.10.0/24 layer.

* The problem - access to standby inside IP from management network

I cannot access standby inside IP - 10.10.10.2 from 192.168.1.0/24
(via VPN)
Standby device maintains VPN SA and tcp states tables.
When I think about this it makes sense - standby is standby and it is
supposed to work in case of active failure, so when I try to access
intside IP of standby device it tries to send traffic back via VPN
which is working only on active device.

My question is - is there any way to manage standby device via inside
IP (via VPN), or the only way is to use outside IP?

thanks in advance

Piotr

Similar ThreadsPosted
cisco ASA/PIX failover and VPN, failover IP access problem August 27, 2008, 11:34 am
FWSM and dual chassis failover problem October 16, 2006, 5:47 am
Failover problem with Firewall Service Modul (FWSM) Catalyst 6500 April 22, 2010, 10:46 am
Failover problem with Firewall Service Modul (FWSM) Catalyst 6500 April 22, 2010, 10:58 am
Failover on Cisco 3550-12G April 2, 2007, 8:08 am
CISCO ASA 5505 Failover July 23, 2007, 1:36 pm
CIsco 2620XM failover question October 19, 2005, 3:47 pm
Cisco Dual ISP's VPN Failover February 15, 2007, 7:24 am
regarding failover in cisco switch using ospf January 20, 2008, 1:22 am
Cisco 2600 ISDN Failover Configuration April 25, 2006, 3:59 pm
Failover of Ethernet links with Cisco Routers January 16, 2008, 10:20 am
Re: Cisco 2600 ADSL with failover to Ethernet with NAT May 28, 2008, 7:08 am
Re: Cisco 2600 ADSL with failover to Ethernet with NAT May 28, 2008, 4:26 pm
Failover from SDSL to ADSL on a single Cisco 2801 February 9, 2006, 8:47 pm
Cisco ASA 5520: Failover-Link on mgmt port April 16, 2007, 8:27 am
Latest PostsForumRSS
NEWS: Android Mobile Web Market Share Steadily Rising Wireless Networking
c3560 port configuration Cisco Systems
A Strong Password Isn't the Strongest Security [telecom] General Telecommunications Forum
Control Hot Water Circ Pump With X10? General Home Automation
Telecom Hardware Cisco Certification
PROMO * MVTS II v.1.3.1-50 to 1.4.0-50 - Professional Insta... Voice-Over-IP
USB _to_ RJ45 (not from) connection Ethernet LAN
FAQ: Maximizing cable modem or DSL speed Cable Modems
CASH FOR CISCO - I BUY USED AND NEW EQUIPMENT & LOTS MOR... Telecom Technical
FAQ: Maximizing cable modem or DSL speed Digital Subscriber Line
How to set up Meridian 1 to "provide clock" to a C... Nortel Networks
New Discovery about WDM LAN and Telecom Cabling
Control Hot Water Circ Pump With X10? Home Automation
Text file to automate restoring a dropped VPN connection. Virtual Private Networks
Home Theater Installation Home Theater
Re: The Turkic Languages in a Nutshell Fiber Optics
sip Video Conferencing
Residential Cabling Guide Home Cabling Guide

Finally, an instantly downloadable book that saves you thousands in home improvement dollars! Enjoy living in 21st century technology-advanced home while increasing its selling value and competitive advantage on the real estate market. Whether your cabling is for home office or high-tech leisure, you can wire your home yourself or learn "wirish" to speak with your cabling contractors in their language!

Click Here to learn more