smalkeric Mon, 04/06/2009 - 07:52

Use the SSL tab of the Add/Edit Connection Profile dialog box to configure the WINS servers for the connection profile policy, select a customized look and feel for the SSL VPN end-user logon web page, DHCP servers to be used for client address assignment, and establish an association between an interface and client IP address pools.

Navigation Path

1. In Device View, select an ASA device.

2. Select Remote Access VPN > Connection Profiles from the Policy selector.

3. Click Create or Edit.

4. Select the SSL tab.

BEHowardGRDA Tue, 04/07/2009 - 12:00

First off, thanks for the reply!

This connection is not through a VPN tunnel. We have an entity that connects to a system directly via SSH. Before we switched over to the ASA this entity could tunnel an RDP session over port 22 (SSH). It would appear that the ASA is looking at the packets and seeing that they are not true SSH packets and dropping them.

lrm001c474 Tue, 04/14/2009 - 12:59

I have found that the Cisco implementation of SSH server version 2 on ASA/PIX platforms suffers either from a bug or intentional/unintentional design where it can't/won't allocate more than a single channel per SSH version 2 connection.

I have seen SSH tunneling work on ASA/PIX platforms running SSH version 1 however.

Hope this helps and please award points if helpful.

yuri_slobodyanyuk Tue, 04/14/2009 - 22:14

Hard to believe - SSH encrypts payload, so ASA can't really see what is inside - only ports and that it is SSH headers.

lrm001c474 Wed, 04/15/2009 - 07:21

When the SSH session terminates on the ASA, its SSH daemon will see the attempt to tunnel application traffic over the SSH session and attempt to open another SSH connection.
