I recently moved from policy-based VPN to route-based VPNs, and everything is working great except for trying to SSH across the VTI tunnel to the ASA Inside interface.
I can telnet to the Inside Interface across the VTI, just no SSH. All the SSH rules are good, and I even tested allowing all to SSH 0.0.0.0 0.0.0.0.
The SSH daemon is good, as I can SSH to the Outside Interface over the Internet. Running a packet capture on the ASA itself, I see my SSH request coming in to the ASA, but then it times out with a SYN Timeout. It's as if the ASA Inside Interface is not replying to SSH requests.
Is this something anyone has experienced before? It is an odd one. Telnet is fine to the Inside address. I am using the same host to test SSH and Telnet from, so routing is good also.
Thank you for posting this. I just had the exact same problem. Switched from policy-based to route-based VPNs and lost ASDM/SSH access to inside interfaces. Couldn't figure it out.
Removed the http/ssh commands and re-entered them. Boom. They work again. Hope they address this soon.