Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2191
Views
3
Helpful
25
Replies

Unable to SSH to ASA Firewall

Go to solution
tebefa3617
Level 1
Level 1

‎05-24-2023 11:21 AM - edited ‎05-25-2023 03:36 AM

Technology and Support

@Aditya Ganjoo  (If you can help)

SSH to ASA is not working. (Below is the packet-capture logs)

Please help.

1: 12:08:18.662746 172.16.16.10.64268 > 10.10.190.2.22: SWE 3477430131:3477430131(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
2: 12:08:18.662807 10.10.190.2.22 > 172.16.16.10.64268: S 2273598963:2273598963(0) ack 3477430132 win 8192 <mss 1380>
3: 12:08:18.665370 172.16.16.10.64268 > 10.10.190.2.22: . ack 2273598964 win 64240
4: 12:08:18.665706 10.10.190.2.22 > 172.16.16.10.64268: R 2273598964:2273598964(0) ack 3477430132 win 64240

Labels:
0 Helpful
25 Replies 25

Go to solution
tebefa3617
Level 1
Level 1
In response to MHM Cisco World

‎05-25-2023 03:54 AM

From 172.16.16.10.64268 to 10.10.190.2.22 is where the problem lies.

Management Subnet is working

 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to tebefa3617

‎05-25-2023 04:02 AM

share config or interface of ASA

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to tebefa3617

‎05-25-2023 02:59 AM

As per the logs,  the communication is happening as the firewall replied. 

 What message do you get?  In which interface are you trying to access?  Can you share the show run from firewall? 

1: 12:08:18.662746 172.16.16.10.64268 > 10.10.190.2.22: SWE 3477430131:3477430131(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
2: 12:08:18.662807 10.10.190.2.22 > 172.16.16.10.64268: S 2273598963:2273598963(0) ack 3477430132 win 8192 <mss 1380>
3: 12:08:18.665370 172.16.16.10.64268 > 10.10.190.2.22: . ack 2273598964 win 64240
4: 12:08:18.665706 10.10.190.2.22 > 172.16.16.10.64268: R 2273598964:2273598964(0) ack 3477430132 win 64240

0 Helpful

Go to solution
tebefa3617
Level 1
Level 1
In response to Flavio Miranda

‎05-25-2023 03:01 AM - edited ‎05-25-2023 03:10 AM

@Flavio Miranda

I am accessing via interface cd, it has security level of 75.

The error I get is "Socket was shutdown."


SSH Configuration

no ssh stricthostkeycheck
ssh 172.16.16.10 255.255.255.255 cd
ssh 0.0.0.0 0.0.0.0 management
ssh timeout 5
ssh key-exchange group dh-group1-sha1

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to tebefa3617

‎05-25-2023 03:53 AM

Only from this cd  interface the SSH fail?  

0 Helpful

Go to solution
tebefa3617
Level 1
Level 1
In response to Flavio Miranda

‎05-25-2023 04:14 AM

Yes, that is correct.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎05-25-2023 05:14 AM

it not complicate, 
you access via mgmt interface using PC have IP in mgmt interface that OK 
you need to access via other interface you need to use 
ssh <subnet of interface > <interface nameif>

or you can try add 
access-management under interface (not mgmt) you want to use <<- try this way 

0 Helpful

Go to solution
tebefa3617
Level 1
Level 1

‎05-25-2023 09:06 AM

The issue is now resolved, there was an Incorrect IP configured on the Secret Server, and when it was changed to the correct IP the issue got resolved.

Thanks everyone!

Go to solution
MHM Cisco World
VIP
VIP
In response to tebefa3617

‎05-25-2023 09:09 AM

Oh, finally happy ending. 
have a nice day 
MHM

0 Helpful

Go to solution
tebefa3617
Level 1
Level 1
In response to MHM Cisco World

‎05-25-2023 10:28 AM

Yes, happy ending.
Thank you for your inputs @MHM Cisco World 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to tebefa3617

‎05-25-2023 10:32 AM

You are so welcome 

0 Helpful
Customers Also Viewed These Support Documents
Top