04-27-2011 12:38 PM
We set up user authentication through a Radius server. We can SSH to a router when we are local. However, we are unable to SSH when we log in to the Cisco VPN client. Is there a way to allow SSH when we log in to the Cisco VPN client?
ssh XXX.XXX.XXX.0 255.255.255.0 Inside
ssh timeout 5
ssh version 2
Thanks.
Laura
04-27-2011 01:34 PM
Laura,
Looks like you're talking about an ASA and not a router (judging by the configuration lines you indicated).
To be able to reach SSH on the "inside" interface from a VPN client connected to the outside interface, you will need to add this command:
management-access inside
And of course make sure that you have an "ssh" command to allow your VPN user IP pool.
HTH,
Marcin
04-27-2011 02:22 PM
Yes, you are correct. I tried to SSH to the ASA, not a router. I tried your suggestions and still could not SSH to the ASA when I log in to the Cisco VPN client. Do you have any other suggestions? Thanks.
Laura
04-27-2011 02:33 PM
Laura,
That's too little information. I'd say enable logging at the informational level and check what's going on.
logging buffered info
logging buffer-size 10000000
Then initiate a connection from VPN client to ASA and run:
sh logg | i IP_ADDRESS_ASSIGNED_TO_CLIENT
If you see a failure/deny/error of any sort, check with the index:
http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/syslog.html
Marcin
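The log check described in the reply above, as an added example that is not part of the original thread: a Python filter over saved `show logging` output that matches the VPN client's address exactly (a plain `| i 10.99.0.5` also matches `10.99.0.50`) and keeps only warning-or-worse or deny/fail/error messages. The sample log lines, addresses, and the function names `triage` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of buffered log output; addresses and text are illustrative.
SAMPLE_LOG = """\
Apr 27 2011 14:40:01: %ASA-6-302013: Built inbound TCP connection 4101 for outside:10.99.0.5/51000 (10.99.0.5/51000) to identity:192.168.1.1/22 (192.168.1.1/22)
Apr 27 2011 14:40:01: %ASA-3-710003: TCP access denied by ACL from 10.99.0.5/51000 to inside:192.168.1.1/22
Apr 27 2011 14:40:02: %ASA-6-302013: Built inbound TCP connection 4102 for outside:10.99.0.9/51200 (10.99.0.9/51200) to inside:192.168.1.20/443 (192.168.1.20/443)
Apr 27 2011 14:40:05: %ASA-3-710003: TCP access denied by ACL from 10.99.0.50/40000 to inside:192.168.1.1/22
"""

# ASA syslog header: %ASA-<severity 0-7>-<six-digit message id>: <text>
MSG = re.compile(r"%ASA-(\d)-(\d{6}): (.*)")
# Words worth a lookup in the syslog message index.
SUSPECT = re.compile(r"den(y|ied)|fail|error|invalid", re.I)


def triage(log_text, client_ip):
    """Return (severity, msg_id, text) for suspicious lines mentioning client_ip."""
    # Anchor the address so 10.99.0.5 does not match 10.99.0.50 or 110.99.0.5.
    ip = re.compile(r"(?<![\d.])" + re.escape(client_ip) + r"(?!\.?\d)")
    hits = []
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m or not ip.search(line):
            continue
        severity, msg_id, text = int(m.group(1)), m.group(2), m.group(3)
        # Severity 4 (warning) or lower number is more severe; also catch
        # informational lines whose text reports a denial or failure.
        if severity <= 4 or SUSPECT.search(text):
            hits.append((severity, msg_id, text))
    return hits


def summarize(hits):
    """Count hits per message id, to look each one up in the message index."""
    return Counter(msg_id for _, msg_id, _ in hits)


if __name__ == "__main__":
    for severity, msg_id, text in triage(SAMPLE_LOG, "10.99.0.5"):
        print(f"severity={severity} id={msg_id} {text}")
```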
04-27-2011 02:51 PM
Thanks Marcin. I will get back later on today or tomorrow. Thanks again.