
SSH Failing to connect

andrewjballard
Level 1

Hello,

I recently upgraded my firewalls to 8.2(4), since then we have had an issue connecting to remote hosts via ssh. (This upgrade may be a red herring as it didn't affect ssh on another site.)

The problem is from inside I can start an ssh session to a remote host through the firewall. I see the SYN, then the SYN ACK, but the ACK never seems to pass through the firewall. The result is that the remote host keeps sending the SYN ACKs and the inside host keeps sending the ACK until the connection times out.

What is also strange about this is that if I telnet to the remote host using port 22 I can connect.

Any suggestions on where to look for a resolution would be very much appreciated.

Thanks

5 Replies

Are you able to SSH to the same remote host bypassing the ASA? From another location I mean.

lcaruso
Level 6

sh log

if message about cannot fetch crypto keys, regenerate....

crypto key generate rsa modulus 2048

If I try to connect from a different site through a firewall running the same ios level, the connection is successful.

I am also not seeing any messages about crypto keys, and I can ssh to the firewall itself.

After working with Cisco TAC to resolve the issue, the fix was to upgrade to 8.2.4.2 IOS.

Now ssh traffic can pass through the firewall.

Good to hear. Thanks for sharing.