09-25-2008 06:46 AM - edited 03-09-2019 09:33 PM
Hi,
I have a working SSL vpn setup on my 5505. Once logged in, I can use rdp, http... and so on. However, when I try to use ssh sessions to my internal hosts, I can't connect. I just get the login prompt and after a few seconds the status line goes red and displays "not connected".
I get the same error message on Windows, Linux and Mac.
09-25-2008 09:55 AM
Are you using the thin client (port forwarding) or full SSL client?
09-25-2008 10:24 AM
I'm using the clientless ssl vpn via my browser. So basically it's the ssh applet within that browser that can't seem to connect beyond the login prompt.
09-25-2008 10:32 AM
OK - are you using the latest SSH Java plugin on the ASA?
The last time I checked, the things that you can do with a clientless connection, without the SSH plugins, are:
* OWA/Exchange
* HTTP and HTTPS to internal web servers
* Windows file access and browsing
* Citrix Servers with the Citrix thin client
HTH
09-25-2008 12:44 PM
Hi,
You can do RDP with it as well.
I'm using the version that ships with the asa5505. Not sure what version it is. Does it matter and how can I see what version I'm using?
09-25-2008 11:59 PM
show ver from the command line of the ASA.
Also, I had issues getting this to work in the past - I was using the wrong browser; I could only get the SSH to work with I.E 6.
HTH
09-26-2008 12:34 AM
Hi,
Is this what you mean? Is it possible to upgrade the ssh "plug-in" on the asa 5505 separately to get it to work?
Result of the command: "show version"
Cisco Adaptive Security Appliance Software Version 8.0(3)
Device Manager Version 6.0(3)
Compiled on Tue 06-Nov-07 22:59 by builders
System image file is "disk0:/asa803-k8.bin"
Config file at boot was "startup-config"
bahnhof up 56 days 23 hours
Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Int: Internal-Data0/0 : address is 001f.cabb.c3a1, irq 11
1: Ext: Ethernet0/0 : address is 001f.cabb.c399, irq 255
2: Ext: Ethernet0/1 : address is 001f.cabb.c39a, irq 255
3: Ext: Ethernet0/2 : address is 001f.cabb.c39b, irq 255
4: Ext: Ethernet0/3 : address is 001f.cabb.c39c, irq 255
5: Ext: Ethernet0/4 : address is 001f.cabb.c39d, irq 255
6: Ext: Ethernet0/5 : address is 001f.cabb.c39e, irq 255
7: Ext: Ethernet0/6 : address is 001f.cabb.c39f, irq 255
8: Ext: Ethernet0/7 : address is 001f.cabb.c3a0, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 20, DMZ Unrestricted
Inside Hosts : Unlimited
Failover : Active/Standby
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 25
WebVPN Peers : 2
Dual ISPs : Enabled
VLAN Trunk Ports : 8
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
This platform has an ASA 5505 Security Plus license.
Serial Number: *
Running Activation Key: *
Configuration register is 0x1
Configuration last modified by * at 07:55:28.322 UTC Fri Sep 26 2008