Re: SSH to Inside over VTI Tunnel

GRANT3779 · ‎01-23-2019

Hi All,

I recently moved from policy based VPN to Route Based VPNs and everything is working great except for trying to SSH across the VTI tunnel to the ASA Inside interface.

I can telnet to the Inside Interface across the VTI, just no SSH. All the ssh rules are good, and I even tested allowing all to SSH 0.0.0.0 0.0.0.0.

SSH daemon is good as I can SSH to the Outside Interface over the Internet. Running a packet capture on the ASA itself I see my SSH request coming in to the ASA, but then times out with a SYN Timeout. It's as if the ASA Inside Interface is not replying to SSH requests.

Is this something anyone has experienced before? It is an odd one. Telnet is fine to the Inside address. I am using the same host to test SSH and Telnet from so routing is good also.

GRANT3779 · ‎01-24-2019

Well after playing about with MTU and studying packet captures i could see nothing. I ended up removing the ssh commands, applied the exact same ones and boom.... It works. Strange.

Kidney · ‎03-11-2019

Thank you for posting this. I just had the exact same problem. Switched from policy-based to route-based VPNs and lost ASDM/SSH access to inside interfaces. Couldn't figure it out.

Removed the http/ssh commands and re-entered them. Boom. They work again. Hope they address this soon.

clintsaint · ‎03-13-2019

Yip, can confirm this indeed fixed the same issue.

Thanks!

WillM528 · ‎09-10-2019

Thanks same issue. what a bug! resolved thanks again for posting it.