2 x ASA 5505, but can't SSH to 1 from remote location

aidan.whitehall
Level 1

We have 2 ASA 5505 devices used to create a VPN to a client. Whilst there are 2 ASAs, only one is used at any time; the other is configured identically as a hardware backup.

Their startup-config files only differ in the hostname.

Remote SSH access to the ASA from several static IP addresses has been enabled on the outside interface. We can connect successfully via SSH from a remote IP when one of them is used, but when it's replaced with the backup ASA, attempting to SSH to it results in the message "Server unexpectedly closed network connection".

SSHing to either ASA works fine via the inside interface.

The boxes are outside our firewall, and so traffic to them isn't being restricted by that.

Can anyone please suggest what might be causing this? Thanks for your help.

Accepted Solutions

praprama
Cisco Employee

Hi,

Please double check if you have allowed access for your IP address:

ssh a.b.c.d 255.255.255.255 outside

assuming a.b.c.d is your IP address. Also, do you have "aaa authen ssh console LOCAL" and RSA keys generated ("show crypto key mypubkey rsa")?

Please paste the logs you get on that ASA when trying to SSH to it.

Regards,

Prapanch

Thank you, Prapanch... that was the shove in the right direction I needed.

It dawned on me afterwards that someone had initially configured one of the ASAs, and that we'd subsequently purchased the second. He must have generated the RSA key. Because the key doesn't appear in the startup-config, I had assumed both boxes were configured identically, but the second box didn't have the RSA key.

Running "crypto key generate rsa modulus 1024" on the second ASA enabled SSH connections from the remote location.

The reason why I thought we had SSH working to both boxes locally was because I had misread the connection details in PuTTY, and was in fact making a Telnet connection to them when I'd thought it was an SSH connection.

Thank you for your time & help!

Hey Aidan,

Glad to know that it's working!!

Regards,

Prapanch
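
The three checks from the accepted answer, as an added example that is not part of the original thread: a Python sketch that reads saved output of "show running-config" and "show crypto key mypubkey rsa" from a unit and lists what would block SSH from a given source address. The sample captures and addresses are constructed, and the layout of the key command's output (including that nothing is listed when no key pair exists) is an assumption.

```python
import ipaddress
import re

# Constructed captures for illustration; the key output layout is an assumption.
RUNNING_CONFIG = """\
aaa authentication ssh console LOCAL
ssh 203.0.113.10 255.255.255.255 outside
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
"""
KEY_OUTPUT_PRIMARY = """\
Key pair was generated at: 10:12:01 UTC Jan 5 2011
Key name: <Default-RSA-Key>
 Usage: General Purpose Key
 Modulus Size (bits): 1024
"""
KEY_OUTPUT_BACKUP = ""  # assumption: nothing is listed when no key pair exists


def ssh_allowed(config, source_ip, interface):
    """True if an 'ssh <addr> <mask> <interface>' line covers source_ip."""
    src = ipaddress.ip_address(source_ip)
    rule = re.compile(r"^ssh (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3}) (\S+)\s*$", re.M)
    return any(
        ifc == interface and src in ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        for addr, mask, ifc in rule.findall(config)
    )


def rsa_key_bits(key_output):
    """Modulus size of the first listed key pair, or None if none is listed."""
    m = re.search(r"Modulus Size \(bits\):\s*(\d+)", key_output)
    return int(m.group(1)) if m else None


def ssh_readiness(config, key_output, source_ip, interface="outside"):
    """Return the list of problems that would stop SSH from source_ip."""
    problems = []
    if not ssh_allowed(config, source_ip, interface):
        problems.append(f"no ssh permit for {source_ip} on {interface}")
    if not re.search(r"^aaa authentication ssh console \S+", config, re.M):
        problems.append("aaa authentication ssh console not configured")
    if rsa_key_bits(key_output) is None:
        problems.append("no RSA key pair (not visible in startup-config)")
    return problems


if __name__ == "__main__":
    print("backup:", ssh_readiness(RUNNING_CONFIG, KEY_OUTPUT_BACKUP, "203.0.113.10"))
```

Run against captures from both units, this flags the case in this thread: two units with the same configuration where only one holds a key pair.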
