Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA SSH issue

Dear CSC,

I just stumbled upon a strange ASA / SSH problem.

First of all some specs:

ASA 5520 - Active /Standby Multi Context mode running 8.4.3

I’ve configured SSH login with local authentication and it works fine if I permit access from anywhere.

I wanted to tighten management access to the MGMT interface and MGMT network and applied the following SSH access restriction

ssh MGMT

MGMT Interface IP address is (2) and ssh client was

Surprisingly I could not connect to the ASA anymore. I than changed to configuration to

Ssh MGMT - it was still not working

So I’ve opened the access to

Ssh MGMT and it worked!

Has anyone an explanation for this? Did I miss anything?

Thanks in advance


Everyone's tags (3)

ASA SSH issue

Well the only explanation I can think of at this moment is that the subnet from where you were doing SSH is not the same as defined on the ASA, can you check the IP from where you are accessing it.



Thanks, Varun Rao Security Team, Cisco TAC
Community Member

Re: ASA SSH issue

Hey Varoun

Just checked it again –

that was my first thought but well as mentioned ASA is using (2)/28 and the client was using in fact I could see the following log entry:

302013 - Build inbound TCP connection 564479 for MGMT: ( to identity (

So basically my ssh connection reached the ASA but never got processed until I changed the allowed ssh IPs.

I'll check tonight in my lab if this issue comes up on other devices.

Cheers Michael

CreatePlease to create content