SSH stops working to ASA

rrusselljr
Level 1

I've searched for this, but all I find are steps to turn on SSH access. I have quite a few customers with ASA5510s installed. SSH is set up and working fine on every one. After a period of time, you are no longer able to SSH into the firewall. Using Putty, it just sits there on a blank screen without giving a "denied access" message or a login prompt. Rebooting the firewall will solve the issue and SSH access works again. Today, I had a customer with an active/standby configuration where I had to reboot both of them to be able to log in. Most of my customers are on 8.2 software as most don't want to reconfigure for the new NAT, etc.

I'm sure others have seen this before since it appears to be occurring on almost every ASA that I have access to. Is there any fix to eliminate this or is there something that can be run from the ASDM that will grant SSH access again without just doing a reboot?

4 Replies

Jouni Forss
VIP Alumni

Hi,

Can't say I have run into this issue that many times.

And the times it has been a problem it has been because of a bug.

The ASA 8.2(x) software's very first maintenance releases had a particularly nasty bug related to management connections when using A/S Failover. I think in the event of a failover you would lose SSH connectivity to the devices.

I guess the first step in your case would be to get the exact software level of the ASA facing the problem and then look through the Bug Toolkit for a possible bug in the software. It would also be good to chart the ASAs facing the problems and see if they have matching software, which would possibly confirm that it's a bug.

- Jouni

Thanks, I already did that and couldn't find anything specific that didn't show as being fixed in an earlier version than what is running. Most of the ASAs I've looked at with this issue are on 8.2.3 and all the "SSH hangs and won't allow any more sessions" or the like show up in much earlier releases and are also fixed much earlier. Unfortunately, Bug Toolkit doesn't search well for version numbers on non-IOS devices.

   ---RWR

i.va
Level 3

I think this might be helpful...seems to be related to a couple of bugs as Jouni already suspected:

https://supportforums.cisco.com/thread/2091792

Basically, when you upgrade from an old to a new version, you simply trade a "known" issue for many "unknown" issues.