Fabian,
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On
> Behalf Of Fabian Pucciarelli
> Sent: Thursday, August 12, 2010 1:35 PM
> To: Cisco certification
> Subject: ASA 5520 failover exec mate command
>
> Hi experts,
> I have 2 asa 5520 configured on failover mode and authentication tacacs, I
> cannot find a way to execute commands on the standby unit using my tacacs
> login. For example
>
> DURHAM(config)# failover exec mate sh ver Fallback authorization.
> Username 'enable_1' not in LOCAL database
>
> Is there a way to change this behavior so commands sent from the active unit
> to the standby units are executed under a different username? The only way
> I've found to make this work is add the enable_1 user to my local database.
>
Try adding the standby ASA internal / external IP to your TACACS+ server. Using an ACS backend (any TACACS+ will work), I'm able to issues commands on the slave ASA.
-ryan
Blogs and organic groups at http://www.ccie.net
Received on Thu Aug 12 2010 - 17:40:16 ART
This archive was generated by hypermail 2.2.0 : Wed Sep 01 2010 - 11:20:52 ART