ASA SSH access after Nessus scan

lostngone
Level 1

I have a 5510 running 8.4(1). I can SSH into the system with no problems until I scan the device with the Nessus security scanner. After that I just get timeouts from the client when I try to connect, and the only way to fix the problem is to reload the device. I have included 2 syslog dumps, one showing SSH into the device before the scan (working) and one after (not working).

I do not have any ACLs on that interface and I have turned off basic threat detection. The device is still running; I can log in via the serial console and via ASDM. It just appears SSH is somehow shut down or hung.

Does anyone have any ideas?

WORKING

4/21/2011 11:33:43 AM    192.168.11.108    Debug    %ASA-7-609002: Teardown local-host testing:192.168.65.106 duration 0:00:10
4/21/2011 11:33:43 AM    192.168.11.108    Informational    %ASA-6-302014: Teardown TCP connection 50 for testing:192.168.65.106/4462 to identity:192.168.11.108/22 duration 0:00:10 bytes 3691 TCP Reset-O
4/21/2011 11:33:43 AM    192.168.11.108    Informational    %ASA-6-315011: SSH session from 192.168.65.106 on interface testing for user "test" terminated normally
4/21/2011 11:33:40 AM    192.168.11.108    Informational    %ASA-6-605005: Login permitted from 192.168.65.106/4462 to testing:192.168.11.108/ssh for user "leeh"
4/21/2011 11:33:40 AM    192.168.11.108    Informational    %ASA-6-611101: User authentication succeeded: Uname: test
4/21/2011 11:33:40 AM    192.168.11.108    Informational    %ASA-6-611101: User authentication succeeded: Uname: test
4/21/2011 11:33:40 AM    192.168.11.108    Informational    %ASA-6-113008: AAA transaction status ACCEPT : user = test
4/21/2011 11:33:40 AM    192.168.11.108    Informational    %ASA-6-113012: AAA user authentication Successful : local database : user = test
4/21/2011 11:33:33 AM    192.168.11.108    Informational    %ASA-6-302013: Built inbound TCP connection 50 for testing:192.168.65.106/4462 (192.168.65.106/4462) to identity:192.168.11.108/22 (192.168.11.108/22)
4/21/2011 11:33:33 AM    192.168.11.108    Debug    %ASA-7-609001: Built local-host testing:192.168.65.106

___________________

NOT WORKING

4/21/2011 12:38:17 PM    192.168.11.108    Informational    %ASA-6-302014: Teardown TCP connection 86 for testing:192.168.65.106/1954 to identity:192.168.11.108/22 duration 0:05:01 bytes 0 Connection timeout
4/21/2011 12:38:17 PM    192.168.11.108    Debug    %ASA-7-609002: Teardown local-host testing:192.168.65.106 duration 0:05:01
4/21/2011 12:33:15 PM    192.168.11.108    Debug    %ASA-7-609001: Built local-host testing:192.168.65.106
4/21/2011 12:33:15 PM    192.168.11.108    Informational    %ASA-6-302013: Built inbound TCP connection 86 for testing:192.168.65.106/1954 (192.168.65.106/1954) to identity:192.168.11.108/22 (192.168.11.108/22)
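As an added example (not code from the thread), a small Python checker that tells the two syslog excerpts above apart automatically: a healthy SSH session shows a 605005 login and a non-zero byte count at teardown, while the hung one shows a completed TCP connection to port 22 that times out with bytes 0 and no login. The sample log is constructed from the lines in the post; the message-ID patterns are the standard ASA ones shown above.

```python
import re

# Constructed sample built from the syslog excerpts in the post above:
# connection 50 is the healthy session, connection 86 is the hung one.
SAMPLE_LOG = """\
4/21/2011 11:33:33 AM    192.168.11.108    Informational    %ASA-6-302013: Built inbound TCP connection 50 for testing:192.168.65.106/4462 (192.168.65.106/4462) to identity:192.168.11.108/22 (192.168.11.108/22)
4/21/2011 11:33:40 AM    192.168.11.108    Informational    %ASA-6-605005: Login permitted from 192.168.65.106/4462 to testing:192.168.11.108/ssh for user "test"
4/21/2011 11:33:43 AM    192.168.11.108    Informational    %ASA-6-302014: Teardown TCP connection 50 for testing:192.168.65.106/4462 to identity:192.168.11.108/22 duration 0:00:10 bytes 3691 TCP Reset-O
4/21/2011 12:33:15 PM    192.168.11.108    Informational    %ASA-6-302013: Built inbound TCP connection 86 for testing:192.168.65.106/1954 (192.168.65.106/1954) to identity:192.168.11.108/22 (192.168.11.108/22)
4/21/2011 12:38:17 PM    192.168.11.108    Informational    %ASA-6-302014: Teardown TCP connection 86 for testing:192.168.65.106/1954 to identity:192.168.11.108/22 duration 0:05:01 bytes 0 Connection timeout
"""

BUILT = re.compile(r"%ASA-6-302013: Built inbound TCP connection (?P<id>\d+) for "
                   r"\S+:(?P<src>[\d.]+)/(?P<sport>\d+) \S+ to identity:[\d.]+/(?P<dport>\d+)")
LOGIN = re.compile(r"%ASA-6-605005: Login permitted from (?P<src>[\d.]+)/(?P<sport>\d+) to \S+/ssh")
TEARDOWN = re.compile(r"%ASA-6-302014: Teardown TCP connection (?P<id>\d+) for .* duration \S+ "
                      r"bytes (?P<bytes>\d+) (?P<reason>.+)$")

def classify_ssh_sessions(log_text):
    """Map each inbound TCP/22 connection id to 'ok', 'hung' or 'open'."""
    sessions = {}  # conn id -> {"login": bool, "bytes": int|None, "reason": str|None}
    by_peer = {}   # (src ip, src port) -> conn id; 605005 carries no connection id
    for line in log_text.splitlines():
        if m := BUILT.search(line):
            if m["dport"] == "22":
                sessions[m["id"]] = {"login": False, "bytes": None, "reason": None}
                by_peer[(m["src"], m["sport"])] = m["id"]
        elif m := LOGIN.search(line):
            cid = by_peer.get((m["src"], m["sport"]))
            if cid in sessions:
                sessions[cid]["login"] = True
        elif m := TEARDOWN.search(line):
            if (s := sessions.get(m["id"])) is not None:
                s["bytes"], s["reason"] = int(m["bytes"]), m["reason"].strip()
    result = {}
    for cid, s in sessions.items():
        if s["reason"] is None:
            result[cid] = "open"
        elif s["bytes"] == 0 and not s["login"] and s["reason"] == "Connection timeout":
            result[cid] = "hung"  # TCP handshake completed, but the SSH server never spoke
        else:
            result[cid] = "ok"
    return result

if __name__ == "__main__":
    print(classify_ssh_sessions(SAMPLE_LOG))  # {'50': 'ok', '86': 'hung'}
```

Running this over a syslog feed from the ASA (via a syslog server) flags the hung state from the log stream alone, without waiting for a user to report timeouts.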


4 Replies

Shrikant Sundaresh
Cisco Employee

Hi,

Could you check the output of "show asp table socket" before and after a Nessus scan, to see if the ASA is listening on port 22 on the interface you are trying to SSH to? Also, if it doesn't work after a Nessus scan, try removing the SSH-related config and putting it back, and then check again.

The logs you've put up don't help much, since the log shows that it built a connection in the non-working section as well (last log).

Hope this helps.

-Shrikant

Shrikant Sundaresh
Cisco Employee

Hey,

You might also want to check out the following bug: CSCtl77907

It basically states that in version 8.4.1, if there is a failure to open SSH (probably what happens during the Nessus scan), then further connections will also be dropped. The bug is fixed in version 8.4.1.2. You can try upgrading to that and update here whether it works properly now or not.

Hope this helps.

-Shrikant

P.S.: Please mark this question as answered if it has been resolved. Do rate helpful posts. Thanks.

I finally had a chance to get back to this problem. Thank you for your quick response.

It does indeed look like bug CSCtl77907. I get the exact error reported in the symptom field when I try re-adding the SSH configuration on the device.

I am guessing 8.4(1.2) isn't available yet? I only see 8.4(1) when I log in and go to downloads.

Thank you again, I would have been pulling my hair out trying to figure this one out without your help.

No 8.4.1.x interims have been publicly made available yet. If you open a TAC case, however, the engineer can post the latest build for you.

Thanks,

Brendan
