Unable to SSH to FPR2130 via VTI tunnel

richyvrlimited
Level 1

I've just migrated a S2S VPN tunnel from a 5545x over to a FPR2130. It's a route-based VPN on both devices; the FPR2130 is running ASA code.

With the tunnel on the 5545 I am able to SSH or manage the box via ASDM without issue over the tunnel. However, on the FPR the connection times out.

I can see the inbound SSH traffic hit the FPR, but after that it just tears the session down without responding.

The SSH traffic is from a private range and this is allowed via ssh x.x.x.x INSIDE

Management-access Inside is applied correctly

Is this a bug or have I missed a command somewhere?

Many thanks

6 Replies

balaji.bandi
Hall of Fame

Suggested as below; it worked for some community users. Try (never had any issue for me):

config t
no management-access inside
management-access inside

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Not too keen on trying that as I suspect it'll cut me off....

Are you inside?

BB

I can/should be able to access from both inside and from the VTI tunnel.

Ended up rebooting the box for a security vulnerability update and lo and behold SSH from the tunnel now works. Would love to know why it didn't work prior to the reboot. Nothing else had changed.

Add route-lookup to the end of the exception NAT.
Try this and see if you can access SSH.

I did try adding route lookup to a NAT entry from my source but no dice unfortunately.

In the end a reboot of the box resolved it, pretty frustrating.