01-23-2019 08:24 AM - edited 02-21-2020 08:41 AM
Hi All,
I recently moved from policy-based VPNs to route-based VPNs and everything is working great except for trying to SSH across the VTI tunnel to the ASA Inside interface.
I can telnet to the Inside Interface across the VTI, just no SSH. All the ssh rules are good, and I even tested allowing all to SSH 0.0.0.0 0.0.0.0.
The SSH daemon is good, as I can SSH to the Outside Interface over the Internet. Running a packet capture on the ASA itself, I see my SSH request coming in to the ASA, but then it times out with a SYN Timeout. It's as if the ASA Inside Interface is not replying to SSH requests.
Is this something anyone has experienced before? It is an odd one. Telnet is fine to the Inside address. I am using the same host to test SSH and Telnet from, so routing is good also.
01-24-2019 12:19 PM
03-11-2019 03:15 PM
Thank you for posting this. I just had the exact same problem. Switched from policy-based to route-based VPNs and lost ASDM/SSH access to inside interfaces. Couldn't figure it out.
Removed the http/ssh commands and re-entered them. Boom. They work again. Hope they address this soon.
03-13-2019 11:45 AM
Yip, can confirm this indeed fixed the same issue.
Thanks!
09-10-2019 08:07 PM
Thanks, same issue. What a bug! Resolved, thanks again for posting it.