Tuesday, June 29, 2010

ASA it is not accessible when we telnet IPS. ASA - AIP-SSM20

We have two ASAs with AIP-SSM20. One of the ASAs is in standby; does that mean the AIP-SSM20 on the standby is also idle, because no traffic is forwarded to the ASA when it is in standby mode?
When we telnet to the IPS of the standby ASA, it is not accessible, and we also can't see any logs in IME (IPS Manager Express) from the IPS on the standby ASA; logs from the IPS on the active ASA can be viewed. Any suggestions or hints will be appreciated.


When the ASA is in standby mode, there won't be any traffic going through the ASA, hence nothing will be forwarded towards the AIP module as well because traffic to be inspected by the AIP module is routed through the ASA backplane.

The AIP module on the standby ASA needs to be set up manually as well (i.e. configuration will not be synchronised from the active AIP module towards the standby). You would need to configure a unique IP address on the standby AIP module, and the port on the module needs to be connected to the network and be accessible. Further to that, if there is no traffic passing through the ASA (when it's in standby mode), there won't be any logs generated by the AIP module because traffic doesn't pass through it.

