Re: How can I access the secondary ASA5505 of a HA pair

Cormac Champion · ‎07-12-2023

Hi all,

What is probably a simple question, but wih a HA pair, how can I configure the ASA's to be able to access the secondary unit ? Should I simply be Telnetting / SSHing from one to the other to the Failover address ?

Jeet Kumar · ‎07-12-2023

ASA software does not include an ssh client. So you cannot ssh to any device from a given ASA - whether or not it is the peer in an HA pair.

You can however execute commands on the standby and get the output. You do this from the primary unit cli with the following command:

failover exec standby <command>

The command output will appear on the screen of the primary unit cli.

MHM Cisco World · ‎07-12-2023

If you use mgmt then you need to connect your PC to mgmt interface and use active or standby IP to access ASA

Also you need

Telent 0.0.0.0 mgmt

Case2

Use use

Telent 0.0.0.0 INside

Then you can connect your pc to INside subnet and access active or standby.

What ip I need to use ?

You need to use IP you config in active unit as IP for active and IP for standby

For example

Interface gx/x

Ip add 1.1.1.1 255.255.255.0 standby 1.1.1.2

So active will use 1.1.1.1

Standby will use 1.1.1.2

Marius Gunnerud · ‎07-12-2023

to SSH to the standby unit you would need to configure a standby IP on the interface you are using to manage the devices, then SSH to that IP. alternatively you can issue commands on the standby device from the active device using the "failover exec standby ..." command

--
Please remember to select a correct answer and rate helpful posts