Hi,
I have a problem and I'd like to ask for some assistance.
- Site B - failover - works fine
I configured two ASA 5550s for failover with the following schematic setup:
    interface outside
     ip address 1.1.1.1 255.255.255.0 standby 1.1.1.2
    interface inside
     ip address 10.10.10.1 255.255.255.0 standby 10.10.10.2
I configured stateful failover - it all works fine.
- Site A and Site B - VPN - works fine
Now I configured
- VPN between site A - 1.1.1.1 and site B 2.2.2.2
- I can communicate my management inside network 192.168.1.0/24 on site B
- VPN works fine. I can access (and manage via snmp, ssh) IP 10.10.10.1 (active standby) from 192.168.1.0/24 as well as any other machines on 10.10.10.0/24 layer.
- The problem - access to standby inside IP from management network
I cannot access standby inside IP - 10.10.10.2 from 192.168.1.0/24 (via VPN). Standby device maintains VPN SA and TCP state tables.
When I think about this it makes sense - standby is standby and it is supposed to work in case of active failure, so when I try to access inside IP of standby device it tries to send traffic back via VPN which is working only on active device.
My question is - is there any way to manage standby device via inside IP (via VPN), or the only way is to use outside IP?
Thanks in advance,
Piotr