I checked Version, which is right, and I checked subnets allowed. Both are in correct configuration.

It is weird, isnt it?

I think that SSH is not configured correctly.

You need a name/domain-name to be able to generate RSA keys and then enable SSH to include the subnets that you're coming from.

Please check you have RSA keys configured and SSH enabled correctly.

sh cry key mypubkey rsa

sh run ssh

Federico.

I did regenerated a key. and did a sh ssh. it looks OK.

My subnet is included.

# sh run ssh
ssh 1XX.12X.1.0 255.255.255.0 outside-----this is the subnet my pc is on.
ssh timeout 60
ssh version 2

# sh crypto key mypubkey rs
Key pair was generated at: 09:44:33 EST Feb 25 2011
Key name:
Usage: General Purpose Key
Modulus Size (bits): 1024
Key Data:

  30819f30 0d09092a 864886f7 0d010101 05000381 8d003081 89028181 00c00d69
  2b972b6a 705bbe92 d0273011 878f62ba 27b41c83 5e318584 c4ae1a27 5753740e
  31ec36b7 e900e5pb faf2c2dc fcf3404b b9bf2deb 6354c918 9adefcff 78a04f70
  52c98dbf 428c3af6 dfd1d653 5809452a 162815c9 48ba8fce 46a05965 860f1c9c
  883db06b 0af0265e 4b4e23e9 81ec98b5 ce373cc4 fe62f6ea c738de4d 0f020301 0001
Key pair was generated at: 04:53:26 EDT Jun 18 2009
Key name: company-2048
Usage: General Purpose Key
Modulus Size (bits): 2048
Key Data:

  30820122 300d0609 2a864886 f70d0101 01050003 82010f00 3082010a 02820101
  00e88d3e c131dcf3 08fcb19a 58f6dc88 b3285b84 409488d9 fa583bc0 5c79108c
  7bf74d56 87565a2c 40098f5a 36d79d92 9bo5974e ca62f926 3b18215e a8be7d1f
  cd7bca41 a5b4847f 3ce701dc 6e2732a0 36af91a4 1f313263 771cb2f9 036a5ace
  4e627196 b8303112 4fe4c017 bd2dfac9 d100a714 5bf5f872 f8233cec 5f3c5cc4
  b88bf6b7 b471a659 c252dae1 30d5y0d6 76a09bfc 926f8805 cbfecd2d 11e7cd26
  9e259d30 18c51218 0030f73e 2cff8f7d 4e735d14 4f85dfd5 cee618dc 0e3f4c9f
  16fc2c95 993a5968 634d935a 27be0533 add7b359 74e8cf5a bcb20c78 d33cf4de
<--- More --->
             
  e2abd016 161f32dc 1e8e3b39 8435828f 794817ab 508c7998 b6601412 07f50507
  fd020301 0001

There's not really much more related to SSH.

We can do two things:

1. I would suggest you try with a different SSH client as mentioned before (try other options just to make sure the problem is not with the software client).

If possible try from a different PC as well.

2. If everything seems correct and want to troubleshoot the ASA, we can look at the debugs for the SSH attempts.

debug ssh 127 or debug ssh 255

Hope it helps.

Federico.

Now, I can't even login to configure the rule from ASDM. It tells me that the ASA is syncing. We have two ASA for failover.

any idea?

thanks,

You need to check which ASA is active and which is secondary to see if failover is working fine.

If you can enter terminal via telnet or via console, can do show failover

Perhaps there's a problem with the failover communication.

Besides of this, is all traffic flowing through the ASA fine?

Federico.

This one is the act one. the other traffic are working fine.

I logged into console to this one and I found I can't do show run or write memory.

it shows:

ASA5520/act# wr
Building configuration...
Command Ignored, Configuration in progress...
[FAILED]

ASA5520/act# sh run
ERROR: Command Ignored, Configuration in progress...

DMZ-ASA5520/act# sh run all

ERROR: Command Ignored, Configuration in progress...

Can you paste a show failover from the ASA (the one letting you to log in)?

Federico.

I can log into the standby one. Here it is:

ASA5520/stby# sh failover
Failover On
Failover unit Secondary
Failover LAN Interface: SYNC GigabitEthernet0/2 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 160 maximum
failover replication http
Version: Ours 8.2(2), Mate 8.2(2)
Last Failover at: 21:02:37 EST Feb 20 2010
        This host: Secondary - Standby Ready
                Active time: 211 (sec)
                slot 0: ASA5520 hw/sw rev (2.0/8.2(2)) status (Up Sys)
                  Interface outside (1XX.1XX.255.67): Normal
                  Interface inside (0.0.0.0): Normal (Waiting)
                  Interface mgmt (0.0.0.0): No Link (Waiting)
                slot 1: empty
        Other host: Primary - Active
                Active time: 31946217 (sec)
                slot 0: ASA5520 hw/sw rev (2.0/8.2(2)) status (Up Sys)
                  Interface outside (1XX.1XX.255.66): Normal
                  Interface inside (1XX.1XX.5.1): Normal (Waiting)
                  Interface mgmt (10.10.10.10): No Link (Waiting)
                slot 1: empty

Stateful Failover Logical Update Statistics
        Link : STATE GigabitEthernet0/3 (up)
        Stateful Obj    xmit       xerr       rcv        rerr
        General         4264577    0          1098934997 133
        sys cmd         4259267    0          4259266    0
        up time         0          0          0          0
        RPC services    0          0          0          0
        TCP conn        4677       0          1003829017 132
        UDP conn        629        0          90839964   1
        ARP tbl         4          0          6750       0
        Xlate_Timeout   0          0          0          0
        IPv6 ND tbl     0          0          0          0
        VPN IKE upd     0          0          0          0
        VPN IPSEC upd   0          0          0          0
        VPN CTCP upd    0          0          0          0
        VPN SDI upd     0          0          0          0
        VPN DHCP upd    0          0          0          0
        SIP Session     0          0          0          0

        Logical Update Queue Information
                        Cur     Max     Total
        Recv Q:         0       18      1162839939
        Xmit Q:         0       1024    4266102

Hi Guys,

If getting this "ERROR: Command Ignored, Configuration in progress..".

Please try clearing the sessions of ssh session.

#show ssh sessions

#ssh disconnect <SID>

It will help you clear the session, and the try executing the same command, it should work.

Regards,

Rajan