Solved: SSH stops in dual ISP setup

cuchara61 · ‎11-14-2011

ASA 7.2(4)

I have (painfully!) sucessfully configured a site with dual ISP's, several site-to-site VPN's (that don't failover), inbound forwards, etc... The only remaining issue is SSH. Prior to adding a 2nd ISP, ssh on both inside and outside worked fine as expected. When both ISP interfaces are active and traffic is moving over the primary, SSH is "flakey" on all 3 interfaces. Monitoring tool shows it going up and down and is confirmed when I actually try to connect to it. Stumped. Sanitized config attached, but to me, the only relevant part is ...

ssh 0.0.0.0 0.0.0.0 inside

ssh 67.xxx.xxx.0 255.255.255.0 outside

ssh 67.xxx.xxx.0 255.255.255.0 cable

ssh timeout 15

I could possibly understand if the interface not currently being used timed out due to a lack of a route back, but all 3 interfaces are failing. As soon as one of the 2 wan interfaces is unplugged, ssh is fine on the other 2.

Thanks

Ed

mopaul · ‎11-15-2011

yes, the return route could be an issue. I understand you are trying to SSH from the internet and not over the VPN tunnel.

Can you check if it behaves the same way when you try to access ASDM?

Can you console into the ASA and gather capture from ASA's both internet facing interfaces while you attempt SSH.

Mohit Paul CCIE-Security 35496 P.S Please do rate this post if you find it helpful to make it easier for others seeking answers to similar queries

View solution in original post

mopaul · ‎11-15-2011

yes, the return route could be an issue. I understand you are trying to SSH from the internet and not over the VPN tunnel.

Can you check if it behaves the same way when you try to access ASDM?

Can you console into the ASA and gather capture from ASA's both internet facing interfaces while you attempt SSH.

Mohit Paul CCIE-Security 35496 P.S Please do rate this post if you find it helpful to make it easier for others seeking answers to similar queries