cisco ASA/PIX failover and VPN, failover IP access problem

Discussion in 'Cisco' started by Pit, Aug 27, 2008.

  1. Pit

    Pit Guest

    Hi,

    I have a problem and I'd like to ask for some assistance.

    * Site B - failover - works fine
    I configured two ASAs 5550 for failover with following schematic
    setup:

    interface outside
    ip address 1.1.1.1 255.255.255.0 standby 1.1.1.2
    interface inside
    ip address 10.10.10.1 255.255.255.0 standby 10.10.10.2
    I configured stateful failover - it all works fine

    * Side A and Side B - VPN - works fine
    Now I configured
    - VPN between site A - 1.1.1.1 and site B 2.2.2.2
    - I can communicate my management inside network 192.168.1.0/24 on
    site B
    - VPN works fine I can access (and manage via snmp, ssh) IP 10.10.10.1
    (active standby) from 192.168.1.0/24 as well as any other machines on
    10.10.10.0/24 layer.

    * The problem - access to standby inside IP from management network

    I cannot access standby inside IP - 10.10.10.2 from 192.168.1.0/24
    (via VPN)
    Standby device maintains VPN SA and tcp states tables.
    When I think about this it makes sense - standby is standby and it is
    supposed to work in case of active failure, so when I try to access
    intside IP of standby device it tries to send traffic back via VPN
    which is working only on active device.

    My question is - is there any way to manage standby device via inside
    IP (via VPN), or the only way is to use outside IP?

    thanks in advance

    Piotr
    Pit, Aug 27, 2008
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. GVB
    Replies:
    1
    Views:
    2,729
    Martin Bilgrav
    Feb 6, 2004
  2. Replies:
    1
    Views:
    3,300
  3. andypatterson24
    Replies:
    2
    Views:
    2,839
    andypatterson24
    Apr 25, 2008
  4. BF
    Replies:
    2
    Views:
    731
  5. Igor Mamuziæ aka Pseto
    Replies:
    0
    Views:
    1,081
    Igor Mamuziæ aka Pseto
    Jan 6, 2010
Loading...

Share This Page