Introduction
This section describes the solution for the error message %SSH-3-DH_RANGE_FAIL: Client DH key range mismatch with
maximum configured DH key on server in ASR routers.
Core Issue
%SSH-3-DH_RANGE_FAIL: Client DH key range mismatch with maximum configured DH key on server
Resolution
This only an informational message indicating that the preferred client DH key size is larger than the minimum configured on
the server and hence the DH keys could not be exchanged.It seems that some client/server/scan is trying to access the device
and credentials do not match, thus the message is generated. You can correlate if this message correspond to the valid user
login attempts or not. Possibly debug ip SSH may help to get more details.
Source: https://supportforums.cisco.com/thread/2126990
Related Information
Cisco ASR 1000 Series Aggregation Services Routers - Release Notes