Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1044
Views
0
Helpful
6
Replies

SSH to ASA from outside stops working after some time

smunzani
Level 1
Level 1

‎06-29-2011 09:27 AM - edited ‎03-11-2019 01:52 PM

Hi,

I have been facing this weird issue for a few months. I tried latest 8.4.1 code too and nothing seems to help.

Aftrer a few days, ssh to outside interface from internet stops working that worked before. At the same time it works from internal interface. To get more productive data, I ssh to the firewall from internal side and ran capture command on the outside interface. Below is the capture results.

   1: 22:54:37.731483 67.184.33.71.31049 > 216.7.16.2.22: F 1991970469:1991970469(0) ack 1308993793 win 65535

   2: 22:54:37.731544 216.7.16.2.22 > 67.184.33.71.31049: . ack 1991970470 win 8192

   3: 22:54:37.752921 67.184.33.71.31049 > 216.7.16.2.22: . ack 1308993793 win 65535

   4: 22:55:12.877792 67.184.33.71.59626 > 216.7.16.2.22: S 4282824925:4282824925(0) win 65535 <mss 1380,nop,wscale 3,nop,nop,timestamp 754137833 0,sackOK,eol>

   5: 22:55:12.877853 216.7.16.2.22 > 67.184.33.71.59626: S 2732681542:2732681542(0) ack 4282824926 win 8192 <mss 1380>

   6: 22:55:12.899260 67.184.33.71.59626 > 216.7.16.2.22: . ack 2732681543 win 65535

Did not find much on google search.

Current work around is SSH to the box from inside interface and reboot. After reboot things will work for a few days and then it will stop again. Its really annoying issue since some of my remote sites are only accessible from outside since there are not boxes I can hop on to in order to SSH.

Thanks in advance,

Sam

Labels:
0 Helpful
6 Replies 6

Maykol Rojas
Cisco Employee
Cisco Employee

‎06-29-2011 11:12 AM

Do you use secure copy protocol?

Mike

Mike
0 Helpful

smunzani
Level 1
Level 1
In response to Maykol Rojas

‎06-29-2011 11:13 AM

No. Secure Shell it self. It stops working and only reboot fixes it.

Thanks,

Sam

0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee
In response to smunzani

‎06-29-2011 11:29 AM

Once you have the issue, please gather the following,

show process | inc ssh

show asp table socket

show ssh ssessions

Put the debug ssh

Try to connect via ssh

Thanks.

Mike

Mike
0 Helpful

smunzani
Level 1
Level 1
In response to Maykol Rojas

‎06-29-2011 11:32 AM

Will do. I did debug ssh but that didn't reveal anything and that led me to capture. I have symptoms going at one of the site now but don't have a way to get in remotely now to run these commands. Will have to wait till the symptoms show up at one of the site where I have internal LAN access.

0 Helpful

varrao
Level 10
Level 10
In response to smunzani

‎06-29-2011 11:42 AM

There are a few known issues with SSH on version 8.4.1, now there are two options for you, furst move on to the latest code in version 8.4.x train or open a TAC case for the correct identification of the bug.

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

smunzani
Level 1
Level 1
In response to varrao

‎06-29-2011 11:44 AM

I will go with easy option of upgrade 1st. See if that fixes the problem. If not, I will open a case.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card