SSL / AnyConnect can't get SSH to work

robbhanMid
Level 1

Hi,

I have a working SSL vpn setup on my 5505. Once logged in, I can use rdp, http... and so on. However, when I try to use ssh sessions to my internal hosts, I can't connect. I just get the login prompt and after a few seconds the status line goes red and displays "not connected".

I get the same error message on Windows, Linux and Mac.


andrew.prince
Level 10

Are you using the thin client (port forwarding) or full SSL client?

I'm using the clientless ssl vpn via my browser. So basically it's the ssh applet within that browser that can't seem to connect beyond the login prompt.

OK - are you using the latest SSH Java plugin on the ASA?

As the last time I checked the things that you can do with a clientless connection - without the SSH plugins is:-

* OWA/Exchange
* HTTP and HTTPS to internal web servers
* Windows file access and browsing
* Citrix Servers with the Citrix thin client

HTH>

Hi,

You can do RDP with it as well.

I'm using the version that ships with the asa5505. Not sure what version it is. Does it matter and how can I see what version I'm using?

show ver from the command line of the ASA.

Also I had issues getting this to work in the past - I was using the wrong browser, I could only get the SSH to work with I.E 6.

HTH>

Hi,

Is this what you mean? Is it possible to upgrade the ssh "plug-in" on the asa 5505 separately to get it to work?

Result of the command: "show version"

Cisco Adaptive Security Appliance Software Version 8.0(3)

Device Manager Version 6.0(3)

Compiled on Tue 06-Nov-07 22:59 by builders

System image file is "disk0:/asa803-k8.bin"

Config file at boot was "startup-config"

bahnhof up 56 days 23 hours

Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz

Internal ATA Compact Flash, 128MB

BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)

Boot microcode : CN1000-MC-BOOT-2.00

SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01

IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04

0: Int: Internal-Data0/0 : address is 001f.cabb.c3a1, irq 11

1: Ext: Ethernet0/0 : address is 001f.cabb.c399, irq 255

2: Ext: Ethernet0/1 : address is 001f.cabb.c39a, irq 255

3: Ext: Ethernet0/2 : address is 001f.cabb.c39b, irq 255

4: Ext: Ethernet0/3 : address is 001f.cabb.c39c, irq 255

5: Ext: Ethernet0/4 : address is 001f.cabb.c39d, irq 255

6: Ext: Ethernet0/5 : address is 001f.cabb.c39e, irq 255

7: Ext: Ethernet0/6 : address is 001f.cabb.c39f, irq 255

8: Ext: Ethernet0/7 : address is 001f.cabb.c3a0, irq 255

9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255

10: Int: Not used : irq 255

11: Int: Not used : irq 255

Licensed features for this platform:

Maximum Physical Interfaces : 8

VLANs : 20, DMZ Unrestricted

Inside Hosts : Unlimited

Failover : Active/Standby

VPN-DES : Enabled

VPN-3DES-AES : Enabled

VPN Peers : 25

WebVPN Peers : 2

Dual ISPs : Enabled

VLAN Trunk Ports : 8

AnyConnect for Mobile : Disabled

AnyConnect for Linksys phone : Disabled

Advanced Endpoint Assessment : Disabled

This platform has an ASA 5505 Security Plus license.

Serial Number: *

Running Activation Key: *

Configuration register is 0x1

Configuration last modified by * at 07:55:28.322 UTC Fri Sep 26 2008
