SSL / AnyConnect can't get SSH to work

Unanswered Question
Sep 25th, 2008

I have a working SSL VPN setup on my 5505. Once logged in, I can use RDP, HTTP... and so on. However, when I try to use SSH sessions to my internal hosts, I can't connect. I just get the login prompt and after a few seconds the status line goes red and displays "not connected".

I get the same error message on Windows, Linux and Mac.

robbhanMid Thu, 09/25/2008 - 10:24
I'm using the clientless SSL VPN via my browser. So basically it's the SSH applet within that browser that can't seem to connect beyond the login prompt.

OK - are you using the latest SSH Java plugin on the ASA?

As of the last time I checked, the things that you can do with a clientless connection, without the SSH plugins, are:

  • HTTP and HTTPS to internal web servers
  • Windows file access and browsing
  • Citrix Servers with the Citrix thin client

robbhanMid Thu, 09/25/2008 - 12:44

You can do RDP with it as well.

I'm using the version that ships with the asa5505. Not sure what version it is. Does it matter and how can I see what version I'm using?

robbhanMid Fri, 09/26/2008 - 00:34

Is this what you mean? Is it possible to upgrade the ssh "plug-in" on the asa 5505 separately to get it to work?

Result of the command: "show version"

Cisco Adaptive Security Appliance Software Version 8.0(3)
Device Manager Version 6.0(3)
Compiled on Tue 06-Nov-07 22:59 by builders
System image file is "disk0:/asa803-k8.bin"
Config file at boot was "startup-config"
bahnhof up 56 days 23 hours
Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Int: Internal-Data0/0 : address is 001f.cabb.c3a1, irq 11
1: Ext: Ethernet0/0 : address is 001f.cabb.c399, irq 255
2: Ext: Ethernet0/1 : address is 001f.cabb.c39a, irq 255
3: Ext: Ethernet0/2 : address is 001f.cabb.c39b, irq 255
4: Ext: Ethernet0/3 : address is 001f.cabb.c39c, irq 255
5: Ext: Ethernet0/4 : address is 001f.cabb.c39d, irq 255
6: Ext: Ethernet0/5 : address is 001f.cabb.c39e, irq 255
7: Ext: Ethernet0/6 : address is 001f.cabb.c39f, irq 255
8: Ext: Ethernet0/7 : address is 001f.cabb.c3a0, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255

Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 20, DMZ Unrestricted
Inside Hosts : Unlimited
Failover : Active/Standby
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 25
WebVPN Peers : 2
Dual ISPs : Enabled
VLAN Trunk Ports : 8
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled

This platform has an ASA 5505 Security Plus license.

Serial Number: *
Running Activation Key: *
Configuration register is 0x1
Configuration last modified by * at 07:55:28.322 UTC Fri Sep 26 2008

