Community Member

ASA 5520 Version 8.02 problem with telnet management

The ASA 5520 is configured for Transparent mode. Whenever I telnet to the ASA management IP address via telnetting from another device such as a 3560 or 2960 switch and issue a "show run" command, I receive a partial output of the ASA config, then the session hangs. Besides losing connectivity to the ASA, all IP connectivity to the IP address of the switch that I telnetted from is lost. It takes approximately 5 minutes before IP connectivity to the switch is restored.

If I downgrade to version 7.22, I do not have this problem. Also, version 8.02 permits telnet connectivity to the ASA from the outside, unlike version 7.22.

9 REPLIES
Community Member

Re: ASA 5520 Version 8.02 problem with telnet management

I am having somewhat of a similar issue but with a PIX515E-UR that has been upgraded to PIX OS v.8.02 w/ASDM v.6.02. I am unable to manage my firewall when connecting using an IPSec Remote Access VPN client even though it has been explicitly added to the Telnet/SSH/ASDM configuration under Management Access. I was able to manage my firewall before without any issues prior to the version upgrade. The strange thing that I am noticing is that when I telnet/ssh to the firewall I can see the sessions connected but I am not receiving any text back from the firewall...just a black screen with a blinking cursor. Ideas?

Community Member

Re: ASA 5520 Version 8.02 problem with telnet management

I don't think the problem is quite the same.

I have found in version 7.22 that if you connect to the management IP address from the outside (not using VPN) you get connected but receive no text. (But telnet from the outside shouldn't be allowed anyway.) If you connect from the inside it works OK. Maybe you have a similar problem with version 8 in that the Pix is assuming you are connecting from the outside, but does not realise that it is via VPN?

Try allowing telnet access from both the inside and outside e.g.

telnet 192.168.1.0 255.255.255.0 inside

telnet 192.168.1.0 255.255.255.0 outside

where 192.168.1.0 is the VPN RA pool.

Also confirm you have the following configured:

management-access inside

Community Member

Re: ASA 5520 Version 8.02 problem with telnet management

I verified that the previous recommendations were set on the PIX and I am still running into the same issue. The following commands were applied to the device:

management-access inside

telnet 10.1.18.0 255.255.255.0 inside

telnet 10.1.18.0 255.255.255.0 outside

ssh 10.1.18.0 255.255.255.0 inside

ssh 10.1.18.0 255.255.255.0 outside

http 10.1.18.0 255.255.255.0 inside

http 10.1.18.0 255.255.255.0 outside

I am still receiving the same results. It looks as though it is connected and when I view the Device Access under the monitoring I can see the telnet session has been established. SSH and the ASDM do not show up and are stuck in a hanging state on the VPN client. Ideas? Is this a bug in PIX OS 8.02?
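An added example, not part of any post in this thread: a small Python audit of the management-access lines quoted above, flagging cleartext telnet rules and rules bound to an untrusted interface. It assumes the untrusted interface is the one named `outside`; the function names and the sample config text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the management-access lines quoted in the post above.
SAMPLE_CONFIG = """\
management-access inside
telnet 10.1.18.0 255.255.255.0 inside
telnet 10.1.18.0 255.255.255.0 outside
ssh 10.1.18.0 255.255.255.0 inside
ssh 10.1.18.0 255.255.255.0 outside
http 10.1.18.0 255.255.255.0 inside
http 10.1.18.0 255.255.255.0 outside
"""

# Matches "<proto> <network> <mask> <interface>" only, so lines such as
# "telnet timeout 5" or "http server enable" are ignored.
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
RULE = re.compile(rf"^(telnet|ssh|http)\s+{IPV4}\s+{IPV4}\s+(\S+)$")

def parse_rules(config):
    """Return (protocol, network, interface) for each management rule."""
    rules = []
    for line in config.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        proto, addr, mask, ifname = m.groups()
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            continue  # malformed address or mask
        rules.append((proto, net, ifname))
    return rules

def audit(config, untrusted=("outside",)):
    """Flag rules a reviewer would question; 'untrusted' names are an assumption."""
    findings = []
    for proto, net, ifname in parse_rules(config):
        if proto == "telnet":
            findings.append((proto, str(net), ifname, "cleartext protocol"))
        if ifname in untrusted:
            findings.append((proto, str(net), ifname, "untrusted interface"))
        if net.prefixlen == 0:
            findings.append((proto, str(net), ifname, "any source address"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep="  ")
```
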

Community Member

Re: ASA 5520 Version 8.02 problem with telnet management

I've not yet tried your scenario with v8 but it does appear there are some possible bugs to do with telnet and v8. Have you tried telnetting from the VPN client onto an inside device such as an internal switch or router and then hopping off from there to the Pix, just to see if you have the same problem as me?

Community Member

Re: ASA 5520 Version 8.02 problem with telnet management

Telnetting to other devices works fine. I can telnet to my 2 routers and 1 switch.

Community Member

Re: ASA 5520 Version 8.02 problem with telnet management

But are you able to telnet from those switches to the Pix and do a "sh run" command without any issues?

Community Member

Re: ASA 5520 Version 8.02 problem with telnet management

Yes, from the VPN client I telnetted to my router and from my router I telnetted into the PIX with no issues.

Community Member

Re: ASA 5520 Version 8.02 problem with telnet management

Maybe the problem I am seeing then is because the ASA was configured for Transparent mode. I've not yet tried telnet with v8 in routed mode.

Community Member

Re: ASA 5520 Version 8.02 problem with telnet management

I currently have my PIX configured for Routed.
