https://community.cisco.com/t5/network-security/ssh-access-from-remote-vpn-site/m-p/1139263#M840812 <P>Greetings. </P><P></P><P>As you can see by the configs, I have a simple two-way VPN tunnel from Virginia (10.10.50.x) to Houston (192.168.40.x). The tunnel is up and all is well. What I'd like to do (but for some reason am unable) is to allow users in Virginia (10.10.50.x) to administer the Houston (192.168.40.1) ASA box via ssh. For some reason I'm missing something because it isn't working.</P><P></P><P>*I can SSH to the Houston box from the Houston 192.168.40.x LAN so I know SSH does work. </P><P></P><P>*I've regenerated the keys on at least three occasions in Houston as a troubleshooting technique (crypto key generate rsa modulus 1024)</P><P></P><P>*From the Virginia site I can telnet to 192.168.40.1 over port 22 so I know SSH is open and accessible. It's just that when I try to launch from Putty that I get "network error: software caused connection abort".</P><P></P><P>*I've also tried:</P><P></P><P>ssh 0.0.0.0 0.0.0.0 inside</P><P>ssh 0.0.0.0 0.0.0.0 outside </P><P></P><P>with no luck at all.</P><P></P><P>Any thoughts? </P><P></P><P>Thanks in advance.</P><P></P><P></P><P></P><P> </P><P></P> Mon, 11 Mar 2019 15:35:42 GMT cavemanbobby 2019-03-11T15:35:42Z https://community.cisco.com/t5/network-security/ssh-access-from-remote-vpn-site/m-p/1139263#M840812 <P>Greetings. </P><P></P><P>As you can see by the configs, I have a simple two-way VPN tunnel from Virginia (10.10.50.x) to Houston (192.168.40.x). The tunnel is up and all is well. What I'd like to do (but for some reason am unable) is to allow users in Virginia (10.10.50.x) to administer the Houston (192.168.40.1) ASA box via ssh. For some reason I'm missing something because it isn't working.</P><P></P><P>*I can SSH to the Houston box from the Houston 192.168.40.x LAN so I know SSH does work. </P><P></P><P>*I've regenerated the keys on at least three occasions in Houston as a troubleshooting technique (crypto key generate rsa modulus 1024)</P><P></P><P>*From the Virginia site I can telnet to 192.168.40.1 over port 22 so I know SSH is open and accessible. It's just that when I try to launch from Putty that I get "network error: software caused connection abort".</P><P></P><P>*I've also tried:</P><P></P><P>ssh 0.0.0.0 0.0.0.0 inside</P><P>ssh 0.0.0.0 0.0.0.0 outside </P><P></P><P>with no luck at all.</P><P></P><P>Any thoughts? </P><P></P><P>Thanks in advance.</P><P></P><P></P><P></P><P> </P><P></P> Mon, 11 Mar 2019 15:35:42 GMT https://community.cisco.com/t5/network-security/ssh-access-from-remote-vpn-site/m-p/1139263#M840812 cavemanbobby 2019-03-11T15:35:42Z https://community.cisco.com/t5/network-security/ssh-access-from-remote-vpn-site/m-p/1139264#M840818 <HTML><HEAD></HEAD><BODY><P>try adding the command "management-access inside"</P></BODY></HTML> Fri, 22 May 2009 16:42:16 GMT https://community.cisco.com/t5/network-security/ssh-access-from-remote-vpn-site/m-p/1139264#M840818 srue 2009-05-22T16:42:16Z https://community.cisco.com/t5/network-security/ssh-access-from-remote-vpn-site/m-p/1139265#M840821 <HTML><HEAD></HEAD><BODY><P>Thanks so much for the reply. </P><P></P><P>I forgot to mention that I'd already tried that command, too, with no luck. </P><P></P><P>I'll keep digging...</P></BODY></HTML> Fri, 22 May 2009 16:44:48 GMT https://community.cisco.com/t5/network-security/ssh-access-from-remote-vpn-site/m-p/1139265#M840821 cavemanbobby 2009-05-22T16:44:48Z https://community.cisco.com/t5/network-security/ssh-access-from-remote-vpn-site/m-p/1139266#M840823 <HTML><HEAD></HEAD><BODY><P>try by removing the inside_acl on the houston ASA. If that works then you need to tweak the ACL.</P><P></P><P>hth</P><P>MS</P></BODY></HTML> Fri, 22 May 2009 18:44:49 GMT https://community.cisco.com/t5/network-security/ssh-access-from-remote-vpn-site/m-p/1139266#M840823 mvsheik123 2009-05-22T18:44:49Z https://community.cisco.com/t5/network-security/ssh-access-from-remote-vpn-site/m-p/1139267#M840825 <HTML><HEAD></HEAD><BODY><P>try simply turning on plain jane telnet</P><P>and see if that works-</P><P></P><P>houston#</P><P>telnet 10.10.50.0 255.255.255.0 inside</P><P></P><P>try telneting from a windows box plain telnet</P><P></P><P>if this works, switch your ssh client</P><P></P><P></P></BODY></HTML> Fri, 22 May 2009 19:50:18 GMT https://community.cisco.com/t5/network-security/ssh-access-from-remote-vpn-site/m-p/1139267#M840825 joe19366 2009-05-22T19:50:18Z https://community.cisco.com/t5/network-security/ssh-access-from-remote-vpn-site/m-p/1139268#M840826 <HTML><HEAD></HEAD><BODY><P>Because you're actually trying to SSH to the inside interface IP, you'll need...</P><P></P><P>ssh 10.10.50.0 255.255.255.0 inside</P><P></P><P>However, if you try to SSH with just that, the log will indicate the connection was dropped by the TCP intercept at the outside interface. Therefore, you also need...</P><P></P><P>ssh 10.10.50.0 255.255.255.0 outside</P><P></P><P>However, I have had situations where, after doing this on an ASA 5510 running version 7, it did not work until after I saved the config and rebooted the ASA. Then it worked.</P><P></P><P>So, put in your SSH lines then save and reboot the ASA. Let me know.</P></BODY></HTML> Sat, 23 May 2009 16:58:00 GMT https://community.cisco.com/t5/network-security/ssh-access-from-remote-vpn-site/m-p/1139268#M840826 jeremyault 2009-05-23T16:58:00Z https://community.cisco.com/t5/network-security/ssh-access-from-remote-vpn-site/m-p/1139269#M840831 <HTML><HEAD></HEAD><BODY><P>BINGO!</P><P></P><P>As you indicated, it *did* require the reboot in order for it to take place. I added the config statements without the reboot originally and it did not work. But the reboot did it.</P><P></P><P>It never occurred to me that you'd have to place that subnet on the outside. </P><P></P><P>Thanks a million, man. </P><P></P><P>Cheers. </P></BODY></HTML> Tue, 26 May 2009 13:07:46 GMT https://community.cisco.com/t5/network-security/ssh-access-from-remote-vpn-site/m-p/1139269#M840831 cavemanbobby 2009-05-26T13:07:46Z