Solved: Unable to console or ssh production fw

mahesh18 · ‎06-10-2013

Hi everyone,

unable to console or ssh fw.

lights are green on fw

thanks

mahesh

Jouni Forss · ‎06-10-2013

Hi,

Sounds like a wierd problem if even Console connection wont work?

Do you mean that you can not get any output on the Console connection software (like Putty) when you try to connect to the device? No username/password prompt?

Is this firewall running in a Failover pair or is it a single firewall?

If its a Failover pair then naturally you could try to connect to the other firewall if possible. Though if this was the case you would have probably already tried?

If its a single firewall then I guess you might want to try reloading the firewall during off work hours if possible.

I have never run into a situation where I would have not been able to connect to an ASA with ANY means. Only once run into a bug where a Failover actually caused the management connections to fail.

- Jouni

View solution in original post

Jouni Forss · ‎06-10-2013

Hi,

On a fast search I couldnt find anything on that specific software that would clearly point to your problem

I have personally run into management connection problems on 8.2 and 8.4 software levels.

I would imagine it must have been some bug but its hard to troubleshoot since you werent able to get any kind of management connection to the box.

Depending on the Syslog configurations on the ASA you and if you are sending logs to some Syslog server then you might be able to find something on the Syslog server about the attempts to connect to the ASA when it was still facing the problem.

- Jouni

View solution in original post

Julio Carvajal · ‎06-10-2013

Hello Mahesh,

So you reboot it and the ASA went back online perfectly,

Have you make any changes lately?

Has it crashed lately?

If you do not get any console outputs then we definelty have problems but I would like to know if maybe a reboot happen before that so the problem was the ASA not able to find the image to boot or got into a boot loop,

Either way something not expected happen

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Jouni Forss · ‎06-10-2013

Hi,

From what I understood or presumed was that the ASA was actually passing traffic but the management connections just didnt work.

Or did you actually have an problem with traffic through the ASA at the same time? In other words were users having problems accessing Internet through the ASA while the problem with the management connection was on?

I guess the latest software you could savely move to would be 8.2(5). That is if you wanted to upgrade. This should be the latest software before the big changes to the ASA software.

- Jouni

View solution in original post

Jouni Forss · ‎06-10-2013

Hi,

Sounds like a wierd problem if even Console connection wont work?

Do you mean that you can not get any output on the Console connection software (like Putty) when you try to connect to the device? No username/password prompt?

Is this firewall running in a Failover pair or is it a single firewall?

If its a Failover pair then naturally you could try to connect to the other firewall if possible. Though if this was the case you would have probably already tried?

If its a single firewall then I guess you might want to try reloading the firewall during off work hours if possible.

I have never run into a situation where I would have not been able to connect to an ASA with ANY means. Only once run into a bug where a Failover actually caused the management connections to fail.

- Jouni

mahesh18 · ‎06-10-2013

Hi Jouni,

when i console in to FW i see no prompt or message.

Trying to figure out if this is standalone fw or not.

thanks

Mahesh

mahesh18 · ‎06-10-2013

Hi Jouni,

Its standalone fw.

I will reboot it soon

thanks

mahesh

mahesh18 · ‎06-10-2013

Hi Jouni,

After reboot ASA is backup.

Its ASA 5520 with

Cisco Adaptive Security Appliance Software Version 8.0(5)28

Device Manager Version 6.4(7)

do you know any bug on this ios?

Thanks

mahesh

Jouni Forss · ‎06-10-2013

Hi,

On a fast search I couldnt find anything on that specific software that would clearly point to your problem

I have personally run into management connection problems on 8.2 and 8.4 software levels.

I would imagine it must have been some bug but its hard to troubleshoot since you werent able to get any kind of management connection to the box.

Depending on the Syslog configurations on the ASA you and if you are sending logs to some Syslog server then you might be able to find something on the Syslog server about the attempts to connect to the ASA when it was still facing the problem.

- Jouni

Julio Carvajal · ‎06-10-2013

Hello Mahesh,

So you reboot it and the ASA went back online perfectly,

Have you make any changes lately?

Has it crashed lately?

If you do not get any console outputs then we definelty have problems but I would like to know if maybe a reboot happen before that so the problem was the ASA not able to find the image to boot or got into a boot loop,

Either way something not expected happen

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Jouni Forss · ‎06-10-2013

Hi,

From what I understood or presumed was that the ASA was actually passing traffic but the management connections just didnt work.

Or did you actually have an problem with traffic through the ASA at the same time? In other words were users having problems accessing Internet through the ASA while the problem with the management connection was on?

I guess the latest software you could savely move to would be 8.2(5). That is if you wanted to upgrade. This should be the latest software before the big changes to the ASA software.

- Jouni

mahesh18 · ‎06-10-2013

Hi Jouni,

This ASA was for VPN users only.

This was standalone ASA.I check the logs from server it has no logs coming to syslog for 6 hours.

So i am not sure if it was passing traffic or not?

After reboot it worked fine.

Thanks for pointing me in right direction.

Regards

Mahesh

mahesh18 · ‎06-10-2013

Hi Julio,

No changes were made to ASA.

No it did not crash lately.

Console connection did not give any output.

Thanks

Mahesh

Julio Carvajal · ‎06-10-2013

Hello Mahesh,

Well , we will need to know if there was any traffic going through,

Otherwise it looks like somehow got stuck, odd enough,

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

mahesh18 · ‎06-10-2013

Hi Julio,

Seems it got stuck.As syslog server was not getting any logs.

so this shows no traffic was passing.

all is good now.

Regards

Mahesh

Julio Carvajal · ‎06-10-2013

Hello,

That's odd, Let us know if it happen again,

I would like to see the logs just before the issue starts,

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC