SSH problem connection

wkamil123
Level 4

Hi,

I have a problem with a connection to an ASA 5510 through SSH.

SSH works when the ASA is reloaded and works for some time, and then the connection on the terminal is blocked (TeraTerm).
The connection to the ASA works by telnet and ASDM.

Below are parts of the configuration from the ASA.

ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
ssh version 2

aaa authentication telnet console LOCAL
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL

http server enable
http 0.0.0.0 0.0.0.0 inside

Kamil

6 Replies

rmavila
Cisco Employee

Hi Kamil,

Can you tell me what version of ASA you are running? Also, can you tell me how long the connection stays up? Also send me the output of "show asp table socket".

--

Rahul

The ASA version is 8.2.3

show asp table socket


Protocol  Socket    Local Address               Foreign Address         State
SSL       0000c41f  192.168.9.253:443           0.0.0.0:*               LISTEN
SSL       0001500f  91.216.5.200:443            0.0.0.0:*               LISTEN
TCP       0004345f  192.168.9.253:22            0.0.0.0:*               LISTEN
TCP       000548cf  91.216.5.200:22             0.0.0.0:*               LISTEN
TCP       015f93ef  192.168.9.253:23            0.0.0.0:*               LISTEN
TCP       01753dc8  192.168.9.253:23            192.168.100.91:49428    ESTAB
TCP       0176e7b8  192.168.9.253:22            192.168.251.69:37771    CLOSEWAIT
TCP       0177ee68  192.168.9.253:22            192.168.251.69:43188    CLOSEWAIT
SSL       017e1d38  192.168.9.253:443           192.168.100.134:26005   ESTAB
SSL       017f0ca8  192.168.9.253:443           192.168.100.134:26007   ESTAB

Can you please remove the ssh command and type it again, i.e.:

no ssh 0.0.0.0 0.0.0.0 inside

ssh 0.0.0.0 0.0.0.0 inside

Also telnet into the device and issue the command show asp table socket and keep monitoring until all the entries with :22 get removed after some time, and then try to ssh into the device.

Let me know how it goes

Rahul

Thanks for your reply, it works now.

We have installed CACTI inside and configured it to monitor the ASA on port 22, and the connection status was always CLOSEWAIT.

The sh ssh sessions do not show any open sessions.

Kamil
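
An added example, not part of any post in this thread: a small Python parser for the `show asp table socket` output posted above that lists the non-listening entries on :22 and counts CLOSEWAIT sockets per foreign address, which is how a polling host such as the CACTI server stands out. The function names are hypothetical, and treating LISTEN rows as normal is an assumption.

```python
import re
from collections import Counter

# "show asp table socket" output as posted earlier in this thread.
SAMPLE = """\
Protocol  Socket    Local Address               Foreign Address         State
SSL       0000c41f  192.168.9.253:443           0.0.0.0:*               LISTEN
SSL       0001500f  91.216.5.200:443            0.0.0.0:*               LISTEN
TCP       0004345f  192.168.9.253:22            0.0.0.0:*               LISTEN
TCP       000548cf  91.216.5.200:22             0.0.0.0:*               LISTEN
TCP       015f93ef  192.168.9.253:23            0.0.0.0:*               LISTEN
TCP       01753dc8  192.168.9.253:23            192.168.100.91:49428    ESTAB
TCP       0176e7b8  192.168.9.253:22            192.168.251.69:37771    CLOSEWAIT
TCP       0177ee68  192.168.9.253:22            192.168.251.69:43188    CLOSEWAIT
SSL       017e1d38  192.168.9.253:443           192.168.100.134:26005   ESTAB
SSL       017f0ca8  192.168.9.253:443           192.168.100.134:26007   ESTAB
"""

# Columns: protocol, hex socket id, local addr:port, foreign addr:port, state
ROW = re.compile(
    r"^(?P<proto>\S+)\s+(?P<sock>[0-9a-fA-F]+)\s+"
    r"(?P<laddr>\S+):(?P<lport>\d+)\s+"
    r"(?P<faddr>\S+):(?P<fport>\d+|\*)\s+(?P<state>\S+)\s*$"
)

def parse_sockets(text):
    """Return one dict per socket row; the header and non-matching lines are skipped."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def ssh_connections(rows, port="22"):
    """Entries on the local SSH port that are connections, not listeners.
    Assumption: LISTEN rows are expected and are not what has to drain."""
    return [r for r in rows if r["lport"] == port and r["state"] != "LISTEN"]

def stuck_by_peer(rows, port="22", state="CLOSEWAIT"):
    """Count SSH-port sockets sitting in `state`, grouped by foreign address."""
    return Counter(r["faddr"] for r in ssh_connections(rows, port) if r["state"] == state)

if __name__ == "__main__":
    rows = parse_sockets(SAMPLE)
    for peer, n in stuck_by_peer(rows).items():
        print(f"{peer}: {n} SSH socket(s) in CLOSEWAIT")
    if ssh_connections(rows):
        print("SSH entries still present, keep monitoring")
    else:
        print("no SSH entries left, retry SSH")
```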

Hi,

Enable "debug ssh 255" on the ASA (when on a Telnet session) and enable "terminal monitor" and then try an SSH and send the debugs.

Also, apply captures on the ASA and let me know how they look.

https://supportforums.cisco.com/docs/DOC-1222

Regards,

Prapanch

Thanks for help.

I used deb ssh 255 but do not get any logs on the terminal when I try to connect to the ASA.

Kamil
