I am trying to ssh to the inside interface of a remote firewall through an IPSec tunnel, but it just times out. I have an "ssh x.x.x.x x.x.x.x inside" rule to allow my connection, and I have "management-access inside" enabled. I see in the log that the connection is built.
Built inbound TCP connection 5526788 for outside:10.0.37.96/65067 (10.0.37.96/65067) to inside:172.29.11.254/22 (172.29.11.254/22)
After more troubleshooting I found that the device is dropping the packet due to "Punt no memory" which I can see if I do an asp-drop capture.
16:06:26.490285 10.0.37.96.65067 > 172.29.11.254.22: S 1843499779:1843499779(0) win 8192 <mss 1340,nop,wscale 8,nop,nop,sackOK> Drop-reason: (punt-no-mem) Punt no memory
I also tried connecting to the inside int via https, and that produced the same results (i.e. punt-no-mem).
Looking at Cisco docs it seems this might indicate a memory shortage, but we have plenty of memory available.
FW# sh mem
Free memory: 1434398544 bytes (67%)
Used memory: 713085104 bytes (33%)
Total memory: 2147483648 bytes (100%)
What else could cause this? BTW, I can ssh to the outside interface just fine.
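The two observations in the post above (the "Built" syslog message and the asp-drop capture entry) describe the same flow, and matching them on the 4-tuple shows which built connections had packets dropped and with what reason. This is an added example, not part of the original post; the function names are hypothetical and the regexes assume only the two line formats quoted above.

```python
import re
from collections import Counter

# Lines copied from the post above: one "Built" syslog, one asp-drop capture entry.
SYSLOG = [
    "Built inbound TCP connection 5526788 for outside:10.0.37.96/65067 "
    "(10.0.37.96/65067) to inside:172.29.11.254/22 (172.29.11.254/22)",
]
CAPTURE = [
    "16:06:26.490285 10.0.37.96.65067 > 172.29.11.254.22: S 1843499779:1843499779(0) "
    "win 8192 <mss 1340,nop,wscale 8,nop,nop,sackOK> Drop-reason: (punt-no-mem) Punt no memory",
]
BUILT_RE = re.compile(
    r"Built (?:inbound|outbound) (?:TCP|UDP) connection (?P<id>\d+) "
    r"for (?P<sif>[^:\s]+):(?P<sip>[\d.]+)/(?P<sport>\d+) \([^)]*\) "
    r"to (?P<dif>[^:\s]+):(?P<dip>[\d.]+)/(?P<dport>\d+)")
DROP_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<sip>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dip>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<flags>\S+) .*"
    r"Drop-reason: \((?P<reason>[^)]+)\)")

def flow_key(m):
    """4-tuple present in both line formats."""
    return (m["sip"], int(m["sport"]), m["dip"], int(m["dport"]))

def parse_built(lines):
    """Map 4-tuple -> (connection id, ingress interface, egress interface)."""
    built = {}
    for line in lines:
        m = BUILT_RE.search(line)
        if m:
            built[flow_key(m)] = (int(m["id"]), m["sif"], m["dif"])
    return built

def correlate(syslog, capture):
    """One finding per dropped packet, tagged with its built connection if any."""
    built = parse_built(syslog)
    findings = []
    for line in capture:
        m = DROP_RE.search(line)
        if not m:
            continue  # not a capture line carrying a drop reason
        conn_id, ingress, egress = built.get(flow_key(m), (None, None, None))
        findings.append({"ts": m["ts"], "flow": flow_key(m), "flags": m["flags"],
                         "reason": m["reason"], "conn_id": conn_id,
                         "ingress": ingress, "egress": egress})
    return findings

def reasons(findings):
    """Tally of drop reasons, useful when the capture holds many packets."""
    return Counter(f["reason"] for f in findings)

if __name__ == "__main__":
    for f in correlate(SYSLOG, CAPTURE):
        print(f)
```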