4020 : Unable to Connect to Management-Int

L2 Linker

I have the following configuration:

Two PA 4020 in HA

I can connect to Primary Box over web/ssh/ping but not able to do the same.

Here is my configuration on secondary box.

jksyed@SV-PA-Zulu(passive)# show deviceconfig system service
service {
  disable-http no;
  disable-https no;
  disable-telnet yes;
  disable-ssh no;
  disable-icmp no;
  disable-snmp yes;

jksyed@SC-PA-Zulu(passive)> show system info
hostname: SC-PA-Zulu
ip-address: 192.168.100.11
netmask: 255.255.255.0
default-gateway: 192.168.100.1
ipv6-address:
ipv6-default-gateway:
mac-address: 00:25:90:11:27:6a
time: Sat Feb 12 11:43:54 2011
uptime: 1 days, 23:58:23
family: 4000
model: PA-4020
serial: 0002C101234
sw-version: 3.1.7
vpnclient-package-version: 0.0.0
app-version: 231-877
av-version: 413-528
threat-version: 231-877
url-filtering-version: 3538
logdb-version: 3.0.0

Does anyone have any idea what might be blocking/preventing access to the box?

Any suggestions would be highly appreciated.

Thanks

Junaid

1 accepted solution

Accepted Solutions

L2 Linker

UPDATE:  There was a duplicate IP on my network in the form of a static NAT on a Cisco ASA.  Please ignore this message 🙂

I was having a similar problem in my lab 4020.  During the course of troubleshooting, I rebooted the box with my PC connected to the PAN via console.  During the boot process, I noticed an error message in the output saying that my management IP was already in use somewhere on the network.  I could not find any indication of a duplicate address on my network, but changing the IP address via the console allowed me to connect through the management port once again.
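Added example, not part of the original post: one way to confirm a duplicate management IP from a host on the same L2 segment is to send ARP probes for the address and check whether more than one MAC answers. The sketch below parses iputils `arping` output; the sample output, the probing host (192.168.100.50, eth0) and the second MAC are constructed for illustration, while the management IP and MAC are the ones shown in the question.

```python
import re
from collections import defaultdict

# Matches iputils arping reply lines, e.g.
# "Unicast reply from 192.168.100.11 [00:25:90:11:27:6A]  0.682ms"
REPLY_RE = re.compile(
    r"(?:Unicast|Broadcast) reply from (\d{1,3}(?:\.\d{1,3}){3}) "
    r"\[([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\]"
)

def macs_per_ip(arping_output):
    """Return {ip: set of lowercase MACs that answered ARP for it}."""
    seen = defaultdict(set)
    for line in arping_output.splitlines():
        m = REPLY_RE.search(line)
        if m:
            seen[m.group(1)].add(m.group(2).lower())
    return dict(seen)

def find_duplicates(arping_output, expected=None):
    """Return {ip: sorted conflicting MACs}.

    expected: optional {ip: mac} of known owners. With it, any other MAC
    answering is reported; without it, an IP is reported only when more
    than one MAC answers.
    """
    expected = {ip: mac.lower() for ip, mac in (expected or {}).items()}
    conflicts = {}
    for ip, macs in macs_per_ip(arping_output).items():
        owner = expected.get(ip)
        if owner is not None:
            rogue = macs - {owner}
        else:
            rogue = macs if len(macs) > 1 else set()
        if rogue:
            conflicts[ip] = sorted(rogue)
    return conflicts

# Constructed sample: two devices answer for the management IP.
SAMPLE = """\
ARPING 192.168.100.11 from 192.168.100.50 eth0
Unicast reply from 192.168.100.11 [00:25:90:11:27:6A]  0.682ms
Unicast reply from 192.168.100.11 [02:00:5E:00:53:01]  0.913ms
Unicast reply from 192.168.100.11 [00:25:90:11:27:6A]  0.671ms
Sent 2 probes (1 broadcast(s))
Received 3 response(s)
"""

if __name__ == "__main__":
    owner = {"192.168.100.11": "00:25:90:11:27:6a"}  # MAC from "show system info"
    for ip, macs in find_duplicates(SAMPLE, owner).items():
        print(f"{ip} is also answered by: {', '.join(macs)}")
```

A second MAC answering for the management address points to another device claiming it, which the switch's MAC address table can then trace to a port.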


5 REPLIES

L3 Networker

Hello,

Check to see if anything is blocking the management port such as a proxy.

Thanks,

Oliver

L4 Transporter

Have you tried directly connecting to the management interface from your laptop via a crossover cable?  If the management interface comes up okay when directly connected, this would indicate if you have a networking issue rather than a management interface issue.

Also, be sure to check the basics... Is the management interface plugged in to the right network?  Is the switch port enabled?  Is the switch port configured for the proper VLAN?  Is the default gateway on the box set correctly?  You also might try connecting to the console via serial cable and try pinging out from the management interface to verify it can get out.

Not applicable

Hello

I'm not new to PAN, but I'm new to HA.

I'm experiencing the same issue.

I have worked with NetScreen & HA in the past, and I had the same issue (I think PAN designer came from NS...)

Try to connect on the same LAN, not through routing. You'll get access to the passive node.

I don't know why, but the passive node (like in NS) does not respond to requests coming beyond the default gw.

And also the passive node is not able to download updates, for the same reason.

Regards

This is not the expected behavior when connecting to the management interface with HA enabled.  Please open a ticket to track this issue.

Cheers,

Kelly

