05-22-2013 01:27 AM - edited 03-11-2019 06:47 PM
Hi all
I have an ASA 5510 in a live environment. Up til a short while ago I could access this via the ASDM and ssh. However I can no longer connect to it via
eithier. When I access It via SSH I get a disclaimer saying the following
*** You have entered a restricted zone! Authorized access only!!! Disconnect immediately if you are not authorized user! ***
It then cuts me off.
When I try to access the ASDM I get the following
The firewall is running all its services without a problem and I can ping the device without any issues. Also none of the config (to my knpowledge has been changed). I set up a console session and http server enable is still there with
http 192.168.200.0 255.255.255.0 inside
Please could some one shed some light on this
thanks
05-22-2013 01:39 AM
Just to add further details. Here is the config from the firewall
http server enable
http 192.168.200.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
http 202.130.241.192 255.255.255.192 outside
http 192.168.100.0 255.255.252.0 outside
I ran a packet tracer on the inside interface for ssh running from my machine 192.168.102.46 to the firewall 192.168.200.1
it allowed everything through until the last hurdle
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: NP Identity Ifc
output-status: up
output-line-status: up
Action: drop
Drop-reason: (no-adjacency) No valid adjacency
05-23-2013 06:40 AM
Reboots the firewall it is now resolved a possible issue with the management engine
05-23-2013 08:51 AM
Hi James,
With limited info available:
http 192.168.100.0 255.255.252.0 outside << So I expect 192.168.100.0 255.255.252.0 to be on outside.
But as per "I ran a packet tracer on the inside interface for ssh running from my machine 192.168.102.46 to the firewall 192.168.200.1" 192.168.102.46 is on inside. So, above command should look like:
no http 192.168.100.0 255.255.252.0 outside
http 192.168.100.0 255.255.252.0 inside
Since, it works after reboot of ASA, are you still accessing ASA using ASDM from same source IP?
-
Sourav Kakkar
05-30-2013 12:44 AM
yes same source IP
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide