ASA 5520 Version 8.02 problem with telnet management

Unanswered Question
Aug 17th, 2007

The ASA 5520 is configured for Transparent mode. Whenever I telnet to the ASA management IP address via telnetting from another device such as a 3560 or 2960 switch and issue a "show run" command, I receive a partial output of the ASA config, then the session hangs. Besides losing connectivity to the ASA, all IP connectivity to the IP address of the switch that I telnetted from is lost. It takes approximately 5 minutes before IP connectivity to the switch is restored.

If I downgrade to version 7.22, I do not have this problem. Also, version 8.02 permits telnet connectivity to the ASA from the outside, unlike version 7.22.

david.keil Mon, 08/20/2007 - 18:27

I am having somewhat of a similar issue but with a PIX515E-UR that has been upgraded to PIX OS v.8.02 w/ASDM v.6.02. I am unable to manage my firewall when connecting using an IPSec Remote Access VPN client even though it has been explicitly added to the Telnet/SSH/ASDM configuration under Management Access. I was able to manage my firewall before without any issues prior to the version upgrade. The strange thing that I am noticing is that when I telnet/ssh to the firewall I can see the sessions connected but I am not receiving any text back from the firewall...just a black screen with a blinking cursor. Ideas?

russ Tue, 08/21/2007 - 03:31

I don't think the problem is quite the same.

I have found in version 7.22 that if you connect to the management IP address from the outside (not using VPN) you get connected but receive no text. (But telnet from the outside shouldn't be allowed anyway.) If you connect from the inside it works ok. Maybe you have a similar problem with version 8 in that the Pix is assuming you are connecting from the outside, but does not realise that it is via VPN?

Try allowing telnet access from both the inside and outside e.g.


telnet 192.168.1.0 255.255.255.0 inside

telnet 192.168.1.0 255.255.255.0 outside


where 192.168.1.0 is the VPN RA pool.


Also confirm you have the following configured:


management-access inside


david.keil Tue, 08/21/2007 - 07:57

I verified that the previous recommendations were set on the PIX and I am still running into the same issue. The following commands were applied to the device:


management-access inside


telnet 10.1.18.0 255.255.255.0 inside

telnet 10.1.18.0 255.255.255.0 outside

ssh 10.1.18.0 255.255.255.0 inside

ssh 10.1.18.0 255.255.255.0 outside

http 10.1.18.0 255.255.255.0 inside

http 10.1.18.0 255.255.255.0 outside


I am still receiving the same results. It looks as though it is connected and when I view the Device Access under the monitoring I can see the telnet session has been established. SSH and the ASDM do not show up and are stuck in a hanging state on the VPN client. Ideas? Is this a bug in PIX OS 8.02?

russ Tue, 08/21/2007 - 09:20

I've not yet tried your scenario with v8 but it does appear there are some possible bugs to do with telnet and v8. Have you tried telnetting from the VPN client onto an inside device such as an internal switch or router and then hopping off from there to the Pix, just to see if you have the same problem as me?

david.keil Tue, 08/21/2007 - 09:35

Telnetting to other devices works fine. I can telnet to my 2 routers and 1 switch.

russ Tue, 08/21/2007 - 09:41

But are you able to telnet from those switches to the Pix and do a "sh run" command without any issues?

david.keil Tue, 08/21/2007 - 09:43

Yes, from the VPN client I telnetted to my router and from my router I telnetted into the PIX with no issues.

russ Tue, 08/21/2007 - 10:30

Maybe the problem I am seeing then is because the ASA was configured for Transparent mode. I've not yet tried telnet with v8 in routed mode.
