05-24-2023 11:21 AM - edited 05-25-2023 03:36 AM
@Aditya Ganjoo (If you can help)
SSH to the ASA is not working. (Below are the packet-capture logs.)
Please help.
1: 12:08:18.662746 172.16.16.10.64268 > 10.10.190.2.22: SWE 3477430131:3477430131(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
2: 12:08:18.662807 10.10.190.2.22 > 172.16.16.10.64268: S 2273598963:2273598963(0) ack 3477430132 win 8192 <mss 1380>
3: 12:08:18.665370 172.16.16.10.64268 > 10.10.190.2.22: . ack 2273598964 win 64240
4: 12:08:18.665706 10.10.190.2.22 > 172.16.16.10.64268: R 2273598964:2273598964(0) ack 3477430132 win 64240
05-25-2023 09:06 AM
The issue is now resolved. There was an incorrect IP configured on the Secret Server, and when it was changed to the correct IP the issue got resolved.
Thanks everyone!
05-24-2023 11:39 AM
@Flavio Miranda Can you please take a look at this and help?
05-24-2023 11:57 AM
Sure, is this a real firewall?
05-25-2023 02:53 AM
Yes it is a real firewall.
05-25-2023 02:55 AM
Share the config of the ASA.
05-25-2023 02:58 AM - edited 05-25-2023 02:58 AM
@MHM Cisco World
SSH Configuration
no ssh stricthostkeycheck
ssh 172.16.16.10 255.255.255.255 cd
ssh 0.0.0.0 0.0.0.0 management
ssh timeout 5
ssh key-exchange group dh-group1-sha1
05-25-2023 03:04 AM
ASA(config)# show ssh sessions <<- share this here
ASA(config)#debug ssh <<- share debug when access to ASA via SSH
05-25-2023 03:13 AM - edited 05-25-2023 03:13 AM
I can't see anything when I execute the debug ssh command and try connecting via SSH to the ASA.
SSH sessions shows:
# show ssh sessions
SID Client IP Version Mode Encryption Hmac State Username
0 10.4.14.231 2.0 IN aes128-ctr md5 SessionStarted cisco
OUT aes128-ctr md5 SessionStarted cisco
#
05-25-2023 03:18 AM
# show ssh sessions
SID Client IP Version Mode Encryption Hmac State Username
0 10.4.14.231 2.0 IN aes128-ctr md5 SessionStarted cisco
OUT aes128-ctr md5 SessionStarted cisco
There is already an SSH session.
I think you are trying from another IP?
05-25-2023 03:22 AM
Yes, it is working for the 10.4.14.231 IP. We are trying to set up a new SSH connection and decommission 10.4.14.231.
Background about new setup:
We have a Windows Server which will act as a Secret Server and from that Secret Server, we need to SSH into the Firewall.
But when we do the packet capture, I see a Reset from the ASA.
1: 12:08:18.662746 172.16.16.10.64268 > 10.10.190.2.22: SWE 3477430131:3477430131(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
2: 12:08:18.662807 10.10.190.2.22 > 172.16.16.10.64268: S 2273598963:2273598963(0) ack 3477430132 win 8192 <mss 1380>
3: 12:08:18.665370 172.16.16.10.64268 > 10.10.190.2.22: . ack 2273598964 win 64240
4: 12:08:18.665706 10.10.190.2.22 > 172.16.16.10.64268: R 2273598964:2273598964(0) ack 3477430132 win 64240
05-25-2023 03:26 AM
Are you accessing via the mgmt interface, using a PC with an IP in the same subnet as mgmt?
05-25-2023 03:28 AM
Yes
05-25-2023 03:32 AM
So multi SSH.
Disconnect the first one and try to access with the new IP.
05-25-2023 03:33 AM
It is not working.
05-25-2023 03:48 AM - edited 05-25-2023 03:49 AM
172.16.16.10.64268 > 10.10.190.2.22 <<- this subnet is different; check again that you access the ASA via the mgmt subnet
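Added example, not part of the thread or any poster's code: a Python sketch that reads the capture lines and `ssh` lines quoted in the thread (embedded below as sample input) and reports whether the TCP handshake completed, which side sent the reset, and which interfaces' SSH permit entries cover a given client address. The function names are hypothetical, and the script only summarises the quoted data; it does not determine why the ASA reset the connection.

```python
import ipaddress
import re

# Sample input copied from the thread: ASA "ssh" lines and the four captured packets.
ASA_SSH_CONFIG = """\
ssh 172.16.16.10 255.255.255.255 cd
ssh 0.0.0.0 0.0.0.0 management
ssh key-exchange group dh-group1-sha1
"""
CAPTURE = """\
1: 12:08:18.662746 172.16.16.10.64268 > 10.10.190.2.22: SWE 3477430131:3477430131(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
2: 12:08:18.662807 10.10.190.2.22 > 172.16.16.10.64268: S 2273598963:2273598963(0) ack 3477430132 win 8192 <mss 1380>
3: 12:08:18.665370 172.16.16.10.64268 > 10.10.190.2.22: . ack 2273598964 win 64240
4: 12:08:18.665706 10.10.190.2.22 > 172.16.16.10.64268: R 2273598964:2273598964(0) ack 3477430132 win 64240
"""
# index: hh:mm:ss.us  src_ip.port > dst_ip.port: flags
PKT = re.compile(r"^\s*\d+:\s+(\d+):(\d+):([\d.]+)\s+(\d+\.\d+\.\d+\.\d+)\.\d+\s+>\s+"
                 r"(\d+\.\d+\.\d+\.\d+)\.\d+:\s+(\S+)")

def parse_capture(text):
    """Return one dict per packet line: timestamp (seconds), src, dst, TCP flags."""
    pkts = []
    for m in filter(None, map(PKT.match, text.splitlines())):
        h, mi, s, src, dst, flags = m.groups()
        pkts.append({"ts": int(h) * 3600 + int(mi) * 60 + float(s),
                     "src": src, "dst": dst, "flags": flags})
    return pkts

def ssh_permits(config):
    """(network, interface) pairs from 'ssh <ip> <mask> <interface>' lines."""
    out = []
    for p in map(str.split, config.splitlines()):
        if len(p) == 4 and p[0] == "ssh":
            try:
                out.append((ipaddress.ip_network(f"{p[1]}/{p[2]}"), p[3]))
            except ValueError:  # other four-word ssh lines, e.g. key-exchange
                pass
    return out

def matching_interfaces(client, permits):
    return [ifc for net, ifc in permits if ipaddress.ip_address(client) in net]

def summarize(pkts):
    client = pkts[0]["src"]  # assumption: the first captured packet is the client SYN
    syns = [p for p in pkts if "S" in p["flags"]]
    ack = next((p for p in pkts if p["flags"] == "." and p["src"] == client), None)
    rst = next((p for p in pkts if "R" in p["flags"]), None)
    return {"client": client, "handshake_done": len(syns) >= 2 and ack is not None,
            "rst_from": rst and rst["src"],
            "rst_delay_ms": rst and ack and round((rst["ts"] - ack["ts"]) * 1000, 3)}
```

Comparing `matching_interfaces(...)` for the client address with the interface the capture was actually taken on shows whether the permit entry and the ingress interface line up.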