Problem with ssh through vpn

warriorforGod
Level 1

I have a site-to-site VPN set up. Site A has an ASA 5520 and Site B has a Juniper NetScreen firewall. I can ping a machine in Site B from Site A through the tunnel just fine, however I cannot SSH. When I initiate the SSH connection I see the hit counters on the SSH ACL increase on Site A's ASA, but cannot see any SSH traffic coming in at the firewall on Site B. Here are my tunnel ACLs on the ASA side.

access-list tunnel extended permit tcp 206.188.60.0 255.255.255.0 any
access-list tunnel extended permit udp 206.188.60.0 255.255.255.0 any
access-list tunnel extended deny ip any any log alerts interval 1

When I initiate the SSH connection the TCP rule's hit counter increases.

Any suggestions on a fix?

1 Reply

Hi,

How can you PING through the tunnel if only allowing TCP and UDP?

Normally, you should define the crypto ACL as "IP" and then you can filter only the desired traffic through the tunnel.

Do you have the option of defining a permit IP ACL on both ends for this traffic?

Federico.
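One way to apply Federico's suggestion on the ASA side, as an added configuration example that is not from this thread, the poster, or Cisco's documentation. The remote subnet (REMOTE_NET/REMOTE_MASK), peer address (PEER_IP), crypto map name and sequence (OUTSIDE-MAP 10), and the ACL and group-policy names are placeholders, since the thread does not give them; 206.188.60.0/24 is the Site A network from the poster's ACL.

```cisco
! Added example, not the thread's own configuration.
! Placeholders (not given in the thread):
!   REMOTE_NET REMOTE_MASK  Site B network behind the NetScreen
!   PEER_IP                 Site B VPN peer address
!   OUTSIDE-MAP 10          existing crypto map name / sequence for this peer

! --- Before (as posted): the crypto ACL selects tunnel traffic by TCP and UDP ---
! A crypto ACL only decides which flows get encrypted. Protocol-specific entries
! become protocol-specific proxy IDs that the NetScreen must mirror exactly, and
! a deny entry in a crypto ACL adds nothing useful.
access-list tunnel extended permit tcp 206.188.60.0 255.255.255.0 any
access-list tunnel extended permit udp 206.188.60.0 255.255.255.0 any
access-list tunnel extended deny ip any any log alerts interval 1

! --- After: "permit ip" between the two subnets selects the tunnel traffic ---
access-list SITEB-CRYPTO extended permit ip 206.188.60.0 255.255.255.0 REMOTE_NET REMOTE_MASK
crypto map OUTSIDE-MAP 10 match address SITEB-CRYPTO
! The NetScreen proxy ID for this tunnel must be the mirror image:
! local = Site B network, remote = 206.188.60.0/24, service ANY.

! --- Filtering moves to a vpn-filter, which the ASA applies to traffic in both
! directions of the tunnel. For a LAN-to-LAN tunnel the filter ACL is written with
! the REMOTE (Site B) network as source and the LOCAL (Site A) network as
! destination. These entries let Site A hosts open SSH to Site B hosts and ping
! across the tunnel; everything else, including SSH from Site B into Site A, is dropped.
access-list SITEB-VPNFILTER extended permit tcp REMOTE_NET REMOTE_MASK eq 22 206.188.60.0 255.255.255.0
access-list SITEB-VPNFILTER extended permit icmp REMOTE_NET REMOTE_MASK 206.188.60.0 255.255.255.0
group-policy SITEB-GP internal
group-policy SITEB-GP attributes
 vpn-filter value SITEB-VPNFILTER
tunnel-group PEER_IP general-attributes
 default-group-policy SITEB-GP

! Verification after the tunnel re-establishes:
!   show crypto ipsec sa peer PEER_IP    -> one SA pair with the ip/ip proxy IDs and
!                                           both encaps and decaps counters increasing
!   show access-list SITEB-VPNFILTER     -> hit counts on the SSH entry while connecting
```

With the crypto ACL reduced to a single "permit ip" entry, a mismatch on the NetScreen side shows up as a phase 2 proxy-ID error in the ASA's IKE debug rather than as silently missing traffic.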