
Unable to SSH/HTTPS ASAv30 deployed on AWS on its inside interface

S.U.H.E.L
Level 1

 

Have used the following IPs for reference:

Jump Server IP: 192.168.10.5 (Subnet A - AWS)

ASAv30 inside interface IP: 192.168.20.5 (subnet B - AWS)

 

Able to ping the ASAv inside interface from the Jump Server, but unable to SSH/HTTPS the ASAv inside interface when initiating a request from Jump Server.

Following captures observed on inside interface:

SSH:
1: 07:35:25.236712 192.168.10.5.51412 > 192.168.20.5.22: SWE 2005654349:2005654349(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
2: 07:35:28.249987 192.168.10.5.51412 > 192.168.20.5.22: SWE 2005654349:2005654349(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
3: 07:35:34.251955 192.168.10.5.51412 > 192.168.20.5.22: S 2005654349:2005654349(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>

 

HTTPS:
4: 07:36:45.567261 192.168.10.5.51419 > 192.168.20.5.443: SWE 2582893096:2582893096(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
5: 07:36:45.572403 192.168.10.5.51420 > 192.168.20.5.443: SWE 1423861587:1423861587(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
6: 07:36:45.818210 192.168.10.5.51421 > 192.168.20.5.443: SWE 4143246363:4143246363(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
7: 07:36:48.567322 192.168.10.5.51419 > 192.168.20.5.443: SWE 2582893096:2582893096(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
8: 07:36:48.572205 192.168.10.5.51420 > 192.168.20.5.443: SWE 1423861587:1423861587(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
9: 07:36:48.818347 192.168.10.5.51421 > 192.168.20.5.443: SWE 4143246363:4143246363(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
10: 07:36:54.567612 192.168.10.5.51419 > 192.168.20.5.443: S 2582893096:2582893096(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
11: 07:36:54.572434 192.168.10.5.51420 > 192.168.20.5.443: S 1423861587:1423861587(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
12: 07:36:54.818484 192.168.10.5.51421 > 192.168.20.5.443: S 4143246363:4143246363(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>

Also tried the command "debug HTTP 255" while initiating https traffic but got no logs on the device.

The following commands are configured to provision access:

ssh 192.168.10.5 255.255.255.255 inside

http 192.168.10.5 255.255.255.255 inside

 

 

 

5 Replies

Hi,

Is subnetA another zone on the same ASAv? If yes, you can't ssh or https
from one zone to another on the same ASAv unless over a VPN tunnel.

***** please remember to rate useful posts

Hi @Mohammed al Baqari, Subnet A is in a different and does not belong to the ASAv. 

OK, can you try to generate new ssh keys and attempt again?

From the capture, it seems that your ASAv isn't responding. Also, on the ASA,
enable logging console to see the messages when you attempt to connect.

**** please remember to rate useful posts
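
The reading of the capture given in this reply (SYNs retransmitted, nothing sent back by the ASAv) can be checked mechanically. The following is an added example, not part of the thread: the function name and the last two sample lines are constructed here, and the other sample lines are copied from the capture in the original post.

```python
import re
from collections import defaultdict

# Packets 1-3 and 4/7/10 are copied from the capture in the original post.
# Packets 13-14 are constructed here to show an answered handshake for contrast.
CAPTURE = """\
1: 07:35:25.236712 192.168.10.5.51412 > 192.168.20.5.22: SWE 2005654349:2005654349(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
2: 07:35:28.249987 192.168.10.5.51412 > 192.168.20.5.22: SWE 2005654349:2005654349(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
3: 07:35:34.251955 192.168.10.5.51412 > 192.168.20.5.22: S 2005654349:2005654349(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
4: 07:36:45.567261 192.168.10.5.51419 > 192.168.20.5.443: SWE 2582893096:2582893096(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
7: 07:36:48.567322 192.168.10.5.51419 > 192.168.20.5.443: SWE 2582893096:2582893096(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
10: 07:36:54.567612 192.168.10.5.51419 > 192.168.20.5.443: S 2582893096:2582893096(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13: 07:37:10.000100 192.168.10.5.51500 > 192.168.20.5.443: S 1000:1000(0) win 64240 <mss 1460>
14: 07:37:10.000900 192.168.20.5.443 > 192.168.10.5.51500: S 5000:5000(0) ack 1001 win 32768 <mss 1380>
"""

# The capture uses classic tcpdump flag letters: S=SYN, W=CWR, E=ECE.
PKT = re.compile(r"^\s*\d+:\s+(\d+):(\d+):([\d.]+)\s+([\d.]+)\.(\d+)\s+>\s+"
                 r"([\d.]+)\.(\d+):\s+([SFPRWE.]+)\s")

def unanswered_syns(text):
    """Map each flow whose SYNs drew no reverse packet to (flags per try, gaps in s)."""
    syns, seen = defaultdict(list), set()
    for line in text.splitlines():
        m = PKT.match(line)
        if not m:
            continue
        hh, mm, ss, src, sport, dst, dport, flags = m.groups()
        seen.add((src, sport, dst, dport))
        if "S" in flags and " ack " not in line:  # client SYN, not a SYN-ACK
            t = int(hh) * 3600 + int(mm) * 60 + float(ss)
            syns[(src, sport, dst, dport)].append((t, flags))
    report = {}
    for (src, sport, dst, dport), pkts in syns.items():
        if (dst, dport, src, sport) in seen:      # something came back: answered
            continue
        times = [t for t, _ in pkts]
        gaps = [round(b - a, 1) for a, b in zip(times, times[1:])]
        report[f"{src}:{sport} -> {dst}:{dport}"] = ([f for _, f in pkts], gaps)
    return report

if __name__ == "__main__":
    for flow, (flags, gaps) in unanswered_syns(CAPTURE).items():
        print(flow, flags, gaps)
```

For both flows taken from the post, the same SYN is retried about 3 s and then 6 s later, the last attempt without the ECN flags, and no packet appears in the reverse direction.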

Generated new keys using the following command:
crypto key generate rsa general-keys modulus 1024

 

Tried connecting again, but the same result. Logging buffered is enabled but did not receive any logs for source 192.168.10.5.

However, the capture still shows the same traffic as shared in my original query.
