topic Re: Unable to access device through PUTTY in Network Security

Unable to access device through PUTTY

Mahinmitrxblr — Mon, 11 Mar 2019 16:18:52 GMT

When I am trying to access one of the device through putty I am getting error.

but when I tried to telnet with port 22 to that device ip , I can see port as open.

I am trying with public IP , assuming it is natted in other end FW.

What would be the reason ?

Re: Unable to access device through PUTTY

JORGE RODRIGUEZ — Wed, 23 Sep 2009 14:48:59 GMT

Best is to go over your ssh implementation, take a look at this link and compare it to your configuration.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008069bf1b.shtml

if still not joy post config

Re: Unable to access device through PUTTY

Mahinmitrxblr — Wed, 23 Sep 2009 15:01:19 GMT

Sorry I think I confused you , I do not want to setup ssh in FW.

scenario:

I can telnet 216.88.36.91 22 from cmd prompt , but I am not able to connect using putty and getting error - network error.

Re: Unable to access device through PUTTY

JORGE RODRIGUEZ — Wed, 23 Sep 2009 15:15:44 GMT

Sorry too.. missed understood !

Use SSHv2 , I just tested ssh to that address using different ssh client from yours and got error saying sshv2, once I change my client to use sshv2 worked.

[edit]

in your putty ssh section select to connect using ssh protocol version 2.

Re: Unable to access device through PUTTY

JORGE RODRIGUEZ — Wed, 23 Sep 2009 16:31:28 GMT

Mahin, is your problem solved or still having issues?

Re: Unable to access device through PUTTY

Mahinmitrxblr — Wed, 23 Sep 2009 16:35:52 GMT

In my putty it is version 2 only,but it does not work.

Could you attach the setup file of putty which you are using?

Re: Unable to access device through PUTTY

JORGE RODRIGUEZ — Wed, 23 Sep 2009 17:23:25 GMT

Primarily use SecureCRT client - see attached.. I don't use putty but just loaded a copy from another system in lab-what would the config file name be don't seem to fine one..

In any event.. it must be your client settings - I launch putty and also worked .. in putty under SSH settings is configured as

Re: Unable to access device through PUTTY

Mahinmitrxblr — Wed, 23 Sep 2009 17:39:27 GMT

I am getting the different error that I have attached here.

I routed the traffic through another ISP(Backup ISP) and it is working.

Re: Unable to access device through PUTTY

Kureli Sankar — Wed, 23 Sep 2009 17:50:38 GMT

Seem like the rsa key pair hasn't been created.

Pls. follow this procedure to enable ssh on the firewall.

Ssh 0 0 outside

Crypto key generate rsa modulus 1024

Username Cisco password Cisco priv 15

Aaa authentication ssh console LOCAL

Aaa authentication enable console LOCAl

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mgaccess.html#wp1042023

Bear in mind, you can only ssh to the closest interface of the firewall.

Meaning, you cannot be on the inside and try to ssh to the outside interface IP address.

Re: Unable to access device through PUTTY

JORGE RODRIGUEZ — Wed, 23 Sep 2009 18:12:16 GMT

Kureli, I believe Mahin is trying to ssh to an internal system running ssh not the firewall itself .. I thought that at the begining as well.. above procedure will not resolve this issue.

Regards

[edit]

Mahin.. in your putty client go to SSH settings and under Encryption cipher selection policy: have AES(SSH-2only) as the first TOP choice in the order - see if that helps

Re: Unable to access device through PUTTY

Mahinmitrxblr — Thu, 24 Sep 2009 09:30:12 GMT

Let me clear the scenario once again.

I am trying to ssh to 216.88.36.91.

we have two ISP connection ,lets say ISP1 and ISP2.

ISP1 is connected to 515E FW and ISP2 is connected to another 515E FW.

I can access through the second ISP2 that is our Backup ISP , but through the second ISP 1 I am getting error which I attached earlier.

If you need FW logs I can forward you that.

Re: Unable to access device through PUTTY

Mahinmitrxblr — Fri, 25 Sep 2009 12:51:05 GMT

Do you have any idea on this ?

Re: Unable to access device through PUTTY

JORGE RODRIGUEZ — Fri, 25 Sep 2009 12:54:29 GMT

Im not to clear about your setup, so you have two PIXes one being the primary ISP1 and other PIX as secondary ISP2.. so you have two different Public IP blocks?

what is the default route point to in the system running ssh in relation to PIX ISP1 and ISP2.

now what Im not to clear either is that I have tested your ssh connection using 216.88.36.91 and it worked.. so Im assuming you have NAT setup in PIX off ISP2 using 216.88.36.91 address.. are you using different address for ISP1.

if you could provide some fw logs while you try connecting to ssh that would help.

Regards

Re: Unable to access device through PUTTY

Kureli Sankar — Fri, 25 Sep 2009 13:21:51 GMT

Thanks John for clarifying.

I am not sure about the topology. I thought I posted this yesterday but may have missed to hit the post button.

|--ISP1--FW1--Host1

Internet--

|---ISP2--FW2--Host2

Now, which device owns this IP address 216.88.36.91?

I tried to ssh to 216.88.36.91 and it failed. I got the same message "Network error: Connection timed out".

Do the inside of the two firewalls belong to the same subnet?

Where is the source which is trying to ssh live?

What do you see in the logs when you attempt this SSH and when it fails?