cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2235
Views
0
Helpful
4
Replies

Cannot connect to ASA with ASDM or SSH - Firewall running ok

James Simpson
Level 1
Level 1

    Hi all

I have an ASA 5510 in a live environment. Up til a short while ago I could access this via the ASDM and ssh. However I can no longer connect to it via

eithier. When I access It via SSH I get a disclaimer saying the following

*** You have entered a restricted zone! Authorized access only!!! Disconnect immediately if you are not authorized user! ***

It then cuts me off.

When I try to access the ASDM I get the following

Capture.PNG

The firewall is running all its services without a problem and I can ping the device without any issues. Also none of the config (to my knpowledge has been changed). I set up a console session and http server enable is still there with

http 192.168.200.0 255.255.255.0 inside

Please could some one shed some light on this

thanks

4 Replies 4

James Simpson
Level 1
Level 1

Just to add further details. Here is the config from the firewall

http server enable

http 192.168.200.0 255.255.255.0 inside

http 192.168.1.0 255.255.255.0 management

http 202.130.241.192 255.255.255.192 outside

http 192.168.100.0 255.255.252.0 outside

I ran a packet tracer on the inside interface for ssh running from my machine 192.168.102.46 to the firewall 192.168.200.1

it allowed everything through until the last hurdle

Result:

input-interface: inside

input-status: up

input-line-status: up

output-interface: NP Identity Ifc

output-status: up

output-line-status: up

Action: drop

Drop-reason: (no-adjacency) No valid adjacency

Reboots the firewall it is now resolved a possible issue with the management engine

Hi James,

With limited info available:

http 192.168.100.0 255.255.252.0 outside                    << So I expect 192.168.100.0 255.255.252.0 to be on outside.

But as per "I ran a packet tracer on the inside interface for ssh running from my machine 192.168.102.46 to the firewall 192.168.200.1" 192.168.102.46 is on inside. So, above command should look like:

no http 192.168.100.0 255.255.252.0 outside

http 192.168.100.0 255.255.252.0 inside

Since, it works after reboot of ASA, are you still accessing ASA using ASDM from same source IP?

-

Sourav Kakkar

yes same source IP

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: