Can't Telnet to AIP-SSM 10 in ASA 5520

Unanswered Question
Feb 24th, 2008

I can session 1 into the SSM 10 from the host ASA 5520, run setup and ping the ASA and a device hanging off the dmz but I can't ping the SSM-10 from the ASA or a host hanging off the dmz. I don't have the RJ-45 of the SSM plugged into the network. I have enabled telnet on the box [telnet-option-enable]. I need to get connectivity to this device to install new signatures images, soon.

How do I get telnet/ssh to work

Thanks in advance,

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
marcabal Mon, 02/25/2008 - 08:01

The external RJ45 interface needs to be plugged into the network for which you configured the SSM's ip address during setup.

I am not sure how you can ping the ASA or dmz machines address without that interface plugged in. The SSM should not send ping packets in through the SSM's backplane connection to the ASA. That backplane connection should only be used for direct communication between the ASA and SSM for "session" packets, and some control packets, but not general network packets. If the ping is going through there then it would be considered a bug, and you can't rely on it.

You must use the external RJ45 connection for your command and control.

mlenco Mon, 02/25/2008 - 12:49

Once you cable up that lonely littel interface on the front of the SSM the mgmt interface comes up. Additionally, the access-list command must be done for each network needing to have telnet/ssh access to the module.


This Discussion