02-11-2011 08:36 AM - edited 03-11-2019 12:49 PM
Hello,
I recently upgraded my firewalls to 8.2(4); since then we have had an issue connecting to remote hosts via SSH. (This upgrade may be a red herring, as it didn't affect SSH on another site.)
The problem is that from inside I can start an SSH session to a remote host through the firewall. I see the SYN, then the SYN ACK, but the ACK never seems to pass through the firewall. The result is that the remote host keeps sending the SYN ACKs and the inside host keeps sending the ACK until the connection times out.
What is also strange about this is that if I telnet to the remote host using port 22, I can connect.
Any suggestions on where to look for a resolution would be very much appreciated.
Thanks
02-11-2011 08:50 AM
Are you able to SSH to the same remote host bypassing the ASA? From another location, I mean.
02-11-2011 01:31 PM
sh log
if message about cannot fetch crypto keys, regenerate....
crypto key generate rsa modulus 2048
02-14-2011 01:35 AM
If I try to connect from a different site through a firewall running the same IOS level, the connection is successful.
I am also not seeing any messages about crypto keys, and I can SSH to the firewall itself.
02-25-2011 06:53 AM
After working with Cisco TAC to resolve the issue, the fix was to upgrade to 8.2.4.2 IOS.
Now SSH traffic can pass through the firewall.
02-25-2011 09:09 AM
Good to hear. Thanks for sharing.