08-05-2008 06:44 AM - edited 03-11-2019 06:25 AM
Hi,
When I try to ssh to a certain host my connection gets denied for some reason.
I get the following error message:
6 Aug 05 2008 14:26:37 106015 192.168.1.31 192.168.200.2 Deny TCP (no connection) from 192.168.1.31/46587 to 192.168.200.2/22 flags RST on interface inside
The security appliance discarded a TCP packet that has no associated connection in the security appliance table.
Any ideas?
08-05-2008 06:56 AM
Check your access-lists.
08-05-2008 07:00 AM
I'm not sure the access lists are at fault here. Could you be a bit more specific?
08-05-2008 07:03 AM
I have seen this in two instances:
1) An ACL on the inside interface blocking ssh access to a host beyond the pix/asa - hence the rst.
2) You are actually trying to ssh to the pix/asa and you have not configured ssh access on the inside interface; the pix/asa will send a rst and not just drop.
I am presuming that it's not option 2, so I would double check ACLs.
HTH
08-05-2008 07:01 AM
Can you post your ACL and NAT config?
08-05-2008 11:19 PM
08-06-2008 12:07 AM
Since you changed the NAT from the inside to the DMZ - did you perform a "clear xlate"?
Are the relevant services on the machine actually running - have you performed a packet capture on the remote machine to see if the requests are actually hitting it?
Do you see any hit counters on the acl:
access-list inside_access_in extended permit ip 192.168.1.0 255.255.255.0 192.168.200.0 255.255.255.0
Are you able to ping from 192.168.1.x to 192.168.200.x?
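For triaging the 106015 message quoted in the question, the following added example (not posted by any participant in this thread) parses the message body and counts denies per flow, ignoring the ephemeral source port. The function names and every sample line except the first are constructed for illustration.

```python
import re
from collections import Counter

# Body of syslog 106015 as quoted in the thread; the prefix before "Deny" varies
# by log viewer, so it is skipped rather than parsed.
PATTERN = re.compile(
    r"106015\b.*?Deny TCP \(no connection\) from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Z ]+?) on interface (?P<ifc>\S+)"
)

def parse_106015(line):
    """Return the fields of one 106015 line, or None if the line is something else."""
    m = PATTERN.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
    d["flags"] = tuple(d["flags"].split())  # e.g. ("FIN", "ACK")
    return d

def summarize(lines):
    """Count denies per (src, dst, dport, flags, interface), most frequent first."""
    counts = Counter()
    for line in lines:
        e = parse_106015(line)
        if e:
            counts[(e["src"], e["dst"], e["dport"], e["flags"], e["ifc"])] += 1
    return counts.most_common()

SAMPLE = [
    # First line is the one from the thread; the rest are constructed.
    "6 Aug 05 2008 14:26:37 106015 192.168.1.31 192.168.200.2 Deny TCP (no connection) from 192.168.1.31/46587 to 192.168.200.2/22 flags RST on interface inside",
    "6 Aug 05 2008 14:26:39 106015 192.168.1.31 192.168.200.2 Deny TCP (no connection) from 192.168.1.31/46588 to 192.168.200.2/22 flags RST on interface inside",
    "%ASA-6-106015: Deny TCP (no connection) from 192.168.1.40/51000 to 192.168.200.9/443 flags FIN ACK on interface inside",
    "6 Aug 05 2008 14:26:40 constructed unrelated message",
]

if __name__ == "__main__":
    for flow, n in summarize(SAMPLE):
        print(n, flow)
```

A flow that keeps reappearing with a new source port each time, as in the first two sample lines, points at repeated connection attempts rather than a single stray packet.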