09-25-2008 06:46 AM - edited 03-09-2019 09:33 PM
Hi,
I have a working SSL vpn setup on my 5505. Once logged in, I can use rdp, http... and so on. However, when I try to use ssh sessions to my internal hosts, I can't connect. I just get the login prompt and after a few seconds the status line goes red and displays "not connected".
I get the same error message on Windows, Linux and Mac.
09-25-2008 09:55 AM
Are you using the thin client (port forwarding) or full SSL client?
09-25-2008 10:24 AM
I'm using the clientless ssl vpn via my browser. So basically it's the ssh applet within that browser that can't seem to connect beyond the login prompt.
09-25-2008 10:32 AM
OK - are you using the latest SSH Java plugin on the ASA?
The last time I checked, the things that you can do with a clientless connection without the SSH plugins are:
* OWA/Exchange
* HTTP and HTTPS to internal web servers
* Windows file access and browsing
* Citrix Servers with the Citrix thin client
HTH
09-25-2008 12:44 PM
Hi,
You can do RDP with it as well.
I'm using the version that ships with the asa5505. Not sure what version it is. Does it matter and how can I see what version I'm using?
09-25-2008 11:59 PM
show ver from the command line of the ASA.
Also, I had issues getting this to work in the past - I was using the wrong browser; I could only get the SSH to work with I.E 6.
HTH
09-26-2008 12:34 AM
Hi,
Is this what you mean? Is it possible to upgrade the ssh "plug-in" on the asa 5505 separately to get it to work?
Result of the command: "show version"
Cisco Adaptive Security Appliance Software Version 8.0(3)
Device Manager Version 6.0(3)
Compiled on Tue 06-Nov-07 22:59 by builders
System image file is "disk0:/asa803-k8.bin"
Config file at boot was "startup-config"
bahnhof up 56 days 23 hours
Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Int: Internal-Data0/0 : address is 001f.cabb.c3a1, irq 11
1: Ext: Ethernet0/0 : address is 001f.cabb.c399, irq 255
2: Ext: Ethernet0/1 : address is 001f.cabb.c39a, irq 255
3: Ext: Ethernet0/2 : address is 001f.cabb.c39b, irq 255
4: Ext: Ethernet0/3 : address is 001f.cabb.c39c, irq 255
5: Ext: Ethernet0/4 : address is 001f.cabb.c39d, irq 255
6: Ext: Ethernet0/5 : address is 001f.cabb.c39e, irq 255
7: Ext: Ethernet0/6 : address is 001f.cabb.c39f, irq 255
8: Ext: Ethernet0/7 : address is 001f.cabb.c3a0, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 20, DMZ Unrestricted
Inside Hosts : Unlimited
Failover : Active/Standby
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 25
WebVPN Peers : 2
Dual ISPs : Enabled
VLAN Trunk Ports : 8
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
This platform has an ASA 5505 Security Plus license.
Serial Number: *
Running Activation Key: *
Configuration register is 0x1
Configuration last modified by * at 07:55:28.322 UTC Fri Sep 26 2008