09-23-2010 03:16 AM
We have 2 ASA 5505 devices used to create a VPN to a client. Whilst there are 2 ASAs, only one is used at any time; the other is configured identically as a hardware backup.
Their startup-config files only differ in the hostname.
Remote SSH access to the ASA from several static IP addresses has been enabled on the outside interface. We can connect successfully via SSH from a remote IP when one of them is used, but when it's replaced with the backup ASA, attempting to SSH to it results in the message "Server unexpectedly closed network connection".
SSHing to either ASA works fine via the inside interface.
The boxes are outside our firewall, and so traffic to it isn't being restricted by that.
Can anyone please suggest what might be causing this? Thanks for your help.
09-23-2010 07:15 AM
Hi,
Please double check if you have allowed access for your IP address:
ssh a.b.c.d 255.255.255.255 outside
assuming a.b.c.d is your IP address. Also, do you have "aaa authen ssh console LOCAL" and rsa keys generated "show crypto key mypubkey rsa".
Please paste the logs you get on that ASA when trying to SSH to it.
Regards,
Prapanch
09-23-2010 09:23 AM
Thank you, Prapanch... that was the shove in the right direction I needed.
It dawned on me afterwards that someone had initially configured one of the ASAs, and that we'd subsequently purchased the second. He must have generated the RSA key. Because the key doesn't appear in the startup-config, I had assumed both boxes were configured identically, but the second box didn't have the RSA key.
Running the crypto key generate rsa modulus 1024 on the second ASA enabled SSH connections from the remote location.
The reason why I thought we had SSH working to both boxes locally was because I had misread the connection details in PuTTY, and was in fact making a Telnet connection to them when I'd thought it was an SSH connection.
Thank you for your time & help!
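Added example, not part of the original thread: a small check that a spare device's management port really answers as SSH, which would have caught both problems described above (a listener that drops the connection, and a Telnet session mistaken for SSH). It relies on the SSH identification string ("SSH-...") that a server sends first per RFC 4253; the function names, the local fake listener and the sample byte strings are constructed for illustration.

```python
import socket
import threading

def classify_service(host, port, timeout=3.0):
    """Connect and classify the first bytes the server sends.
    Returns 'ssh', 'not-ssh', 'closed-early', 'silent' or 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                data = s.recv(255)
            except socket.timeout:
                return "silent"          # accepted, but nothing was sent
            except ConnectionResetError:
                return "closed-early"    # reset before any data arrived
    except OSError:
        return "unreachable"             # refused, filtered or no route
    if not data:
        return "closed-early"            # accepted, then closed with no data
    # RFC 4253 allows other lines before the identification string,
    # so accept "SSH-" at the start of any line.
    if any(line.startswith(b"SSH-") for line in data.splitlines()):
        return "ssh"
    return "not-ssh"                     # e.g. Telnet option negotiation

def fake_listener(reply):
    """Constructed local stand-in for a device: accept one connection,
    send `reply` (possibly empty), close. Returns the listening port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        if reply:
            conn.sendall(reply)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def demo():
    # Constructed sample replies, not captured from a real ASA.
    samples = {
        "ssh": b"SSH-2.0-Example_1.0\r\n",
        "telnet": b"\xff\xfd\x18\xff\xfb\x01",   # IAC DO / IAC WILL bytes
        "closed": b"",
    }
    return {name: classify_service("127.0.0.1", fake_listener(reply))
            for name, reply in samples.items()}

if __name__ == "__main__":
    print(demo())
```

Run against the spare unit's outside address from one of the permitted source IPs, anything other than "ssh" means the unit is not ready to take over remote management.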
09-23-2010 10:05 AM
Hey Aidan,
Glad to know that it's working!!
Regards,
Prapanch