Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3642
Views
10
Helpful
6
Replies

ASA VTI source interface packet tracer

Go to solution
prestigio391
Level 1
Level 1

‎03-15-2021 08:09 AM

Hello guys,

 

Iam trying resolve issue in my environment of firewalls. Question.

I have VTI interfaces with IKEV2.Via them is BGP. Tunnel work well BGP up, routes changed.But...

Packet-tracer input what ??? is possible to do if i want test traffic that incoming from VTI and goes to my inside ? I can add here VTI interface by default..Only outside..And it shows drop exactly..

 

Another thing..I have on every ASAs asa984-32-smp-k8.bin

 

but i have problem provide SSH from one network(from PC) to another ASA inside interface...It works only after reload of target ASA. I can reload ASA every time...Its crazy. Because in nwtwork is 30 firewalls but iam facing this only on 5 of them.....Somebody is facing something simillar ?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
prestigio391
Level 1
Level 1
In response to Sheraz.Salim

‎03-26-2021 01:38 AM

Hello,

 

I don know if its bug solution is...

 

no management-access {name of inside interface}

management-access {name of inside interface}

 

After this ssh working....Weird...

 

Thanks for answers

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Sheraz.Salim
VIP Alumni
VIP Alumni

‎03-15-2021 08:51 AM

ASA with VTI wont allow you to do a packet tracer. only thing you can do it to setup a capture on VTI interface.

 

 

 

 

but i have problem provide SSH from one network(from PC) to another ASA inside interface...It works only after reload of target ASA. I can reload ASA every time...Its crazy. Because in nwtwork is 30 firewalls but iam facing this only on 5 of them.....Somebody is facing something simillar ?

 

- what is the interface configuration and what is the command configured for your ssh?

 

please do not forget to rate.

Go to solution
prestigio391
Level 1
Level 1
In response to Sheraz.Salim

‎03-15-2021 08:56 AM

Hello,

Thanks for reply.

 

!
interface GigabitEthernet1/2.181
description --Users--
vlan 181
nameif inside
security-level 100
ip address 172.30.81.1 255.255.255.0 standby 172.30.81.2

 

 

ssh cfg:

 

ssh 10.200.10.0 255.255.255.0 inside

ssh version 2
ssh key-exchange group dh-group1-sha1

0 Helpful

Go to solution
Sheraz.Salim
VIP Alumni
VIP Alumni
In response to prestigio391

‎03-15-2021 09:41 AM

That’s strange behaviour is your layer2 solid?

please do not forget to rate.
0 Helpful

Go to solution
prestigio391
Level 1
Level 1
In response to Sheraz.Salim

‎03-15-2021 09:45 AM

Its not about L2 i think... Iam going from my pc from Location A to FW in location B.... Not working...But exactly same cfg in Location C..same conditions working..Only reload of FW help...After few week same thing...

0 Helpful

Go to solution
prestigio391
Level 1
Level 1
In response to Sheraz.Salim

‎03-26-2021 01:38 AM

Hello,

 

I don know if its bug solution is...

 

no management-access {name of inside interface}

management-access {name of inside interface}

 

After this ssh working....Weird...

 

Thanks for answers

0 Helpful

Go to solution
Sheraz.Salim
VIP Alumni
VIP Alumni
In response to prestigio391

‎03-26-2021 01:54 AM

Glad it work out wired though.

please do not forget to rate.
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card