07-02-2021 10:41 AM - edited 07-02-2021 11:25 AM
Hi gladiators,
I have a setup where I can only have a NAT'ed TCP (SSH) session to a C9300 (16.12.2) between VLAN 10 (l.s. 10.60.30.20/24) and VLAN 20 (l.s. 10.100.50.254/24), where SRC & DST correspondingly live, separated by a FW (ASA).
The quest is: I can log in to DST from SRC via SSH, but all sessions get dropped from DST by the RST flag in just a few seconds (a couple of tens). From the user's perspective it looks like obtaining a prompt from DST, entering the password & then trying to enter "enable" followed by the enable password. Rarely I can even catch the enable prompt. It never lasts more than ~10 secs.
My Q is: why, with these conditions, does DST send RST? A capture from the ASA with the translated session from the egress intf is attached.
help...
07-02-2021 10:52 AM
What device are these logs from?
How about logging in from the same network? Does that work?
07-02-2021 11:14 AM - edited 07-03-2021 05:05 AM
It's a capture from the ASA's DST-facing interface. Both SRC & DST live in VLANs directly attached to the FW.
There is no way to log in from the same subnet as DST (only from the ASA, but it lacks ssh|telnet client features). That's why NAT is configured to hide SRC behind the FW's IP in VLAN 40.
debug ip ssh client output from SRC:
004136: Jul 3 12:01:01.300: SSH CLIENT0: protocol version id is - SSH-1.99-Cisco-1.25
004137: Jul 3 12:01:01.300: SSH CLIENT0: protocol version exchange successful
004138: Jul 3 12:01:01.301: SSH2 CLIENT 0: Using kex_algo = diffie-hellman-group-exchange-sha1
004139: Jul 3 12:01:01.384: SSH CLIENT0: key exchange successful and encryption on
004140: Jul 3 12:01:01.386: SSH2 CLIENT 0: using method keyboard-interactive authentication
004141: Jul 3 12:01:03.020: SSH2 CLIENT 0: SSH2_MSG_USERAUTH_SUCCESS message received
004142: Jul 3 12:01:03.020: SSH CLIENT0: user authenticated
004143: Jul 3 12:01:03.021: SSH2 CLIENT 0: pty-req request sent
004144: Jul 3 12:01:03.022: SSH2 CLIENT 0: shell request sent
004145: Jul 3 12:01:03.023: SSH CLIENT0: session open
004146: Jul 3 12:01:03.224: SSH CLIENT0: Session disconnected - error 0x07