08-17-2007 12:55 PM - edited 03-11-2019 03:59 AM
The ASA 5520 is configured for Transparent mode. Whenever I telnet to the ASA management IP address via telnetting from another device such as a 3560 or 2960 switch and issue a "show run" command, I receive a partial output of the ASA config, then the session hangs. Besides losing connectivity to the ASA, all IP connectivity to the IP address of the switch that I telnetted from is lost. It takes approximately 5 minutes before IP connectivity to the switch is restored.
If I downgrade to version 7.22, I do not have this problem. Also, version 8.02 permits telnet connectivity to the ASA from the outside, unlike version 7.22.
08-20-2007 06:27 PM
I am having somewhat of a similar issue but with a PIX515E-UR that has been upgraded to PIX OS v.8.02 w/ASDM v.6.02. I am unable to manage my firewall when connecting using an IPSec Remote Access VPN client even though it has been explicitly added to the Telnet/SSH/ASDM configuration under Management Access. I was able to manage my firewall before without any issues prior to the version upgrade. The strange thing that I am noticing is that when I telnet/ssh to the firewall I can see the sessions connected but I am not receiving any text back from the firewall...just a black screen with a blinking cursor. Ideas?
08-21-2007 03:31 AM
I don't think the problem is quite the same.
I have found in version 7.22 that if you connect to the management IP address from the outside (not using VPN) you get connected but receive no text. (But telnet from the outside shouldn't be allowed anyway). If you connect from the inside it works ok. Maybe you have a similar problem with version 8 in that the Pix is assuming you are connecting from the outside, but does not realise that it is via VPN?
Try allowing telnet access from both the inside and outside e.g.
telnet 192.168.1.0 255.255.255.0 inside
telnet 192.168.1.0 255.255.255.0 outside
where 192.168.1.0 is the VPN RA pool.
Also confirm you have the following configured:
management-access inside
08-21-2007 07:57 AM
I verified that the previous recommendations were set on the PIX and I am still running into the same issue. The following commands were applied to the device:
management-access inside
telnet 10.1.18.0 255.255.255.0 inside
telnet 10.1.18.0 255.255.255.0 outside
ssh 10.1.18.0 255.255.255.0 inside
ssh 10.1.18.0 255.255.255.0 outside
http 10.1.18.0 255.255.255.0 inside
http 10.1.18.0 255.255.255.0 outside
I am still receiving the same results. It looks as though it is connected and when I view the Device Access under the monitoring I can see the telnet session has been established. SSH and the ASDM do not show up and are stuck in a hanging state on the VPN client. Ideas? Is this a bug in PIX OS 8.02?
08-21-2007 09:20 AM
I've not yet tried your scenario with v8 but it does appear there are some possible bugs to do with telnet and v8. Have you tried telnetting from the VPN client onto an inside device such as an internal switch or router and then hopping off from there to the Pix, just to see if you have the same problem as me?
08-21-2007 09:35 AM
Telnetting to other devices works fine. I can telnet to my 2 routers and 1 switch.
08-21-2007 09:41 AM
But are you able to telnet from those switches to the Pix and do a "sh run" command without any issues?
08-21-2007 09:43 AM
Yes, from the VPN client I telnetted to my router and from my router I telnetted into the PIX with no issues.
08-21-2007 10:30 AM
Maybe the problem I am seeing then is because the ASA was configured for Transparent mode. I've not yet tried telnet with v8 in routed mode.
08-21-2007 11:53 AM
I currently have my PIX configured for Routed.