Solved: Unable to SSH server from ASA - Page 2

mahesh18 · ‎04-23-2013

Hi everyone,

ASA has 2 interfaces say x and y.

From interface x when on subnet say 171.31.0.0 mask /24 i am able to ssh server.

ASA shows hit counts.

When on subnet 171.23 ssh does not work.logs shows tcp reset 0 thats from interface y.

both subnets have connection from interface x to server which is on ASA interface y.

I check IP on interface x it shows 171.15.0.0/12.

Thanks

MAhesh

Jouni Forss · ‎04-23-2013

Hi,

I would imagine that you have some "object-group network" or "object network" or some such object used in the ACL and when you keep your mouse over the object it shows the IP address/network configured under it.

I can't really say for sure as I dont use ASDM in general.

- Jouni

mahesh18 · ‎04-24-2013

Hi Jouni,

Seems there was another firewall inbetween the server that did not have ACL to allow the user subnet.

So it was blocking the connection.

Many thanks for all the answers.

Best regards

MAhesh

Jouni Forss · ‎04-24-2013

Ok,

Glad its working now.

It seems that the firewall that is between is either an ASA that is configured differently from the default operation OR its a firewall from different manufacturer.

ASA firewalls by default dont send TCP Reset to connections that they block (BUT they can be configured to do this). By default the connection will simply timeout and your ASA would have then seen a Teardown message with SYN Timeout (Instead of TCP Reset-O). Seems that this firewall in between just immediately Resets the TCP connection if its not allowed according to the firewalls rules.

- Jouni

mahesh18 · ‎04-24-2013

Hi Jouni,

you got it its configured differently in non routed mode.

Thanks

MAhesh