08-05-2008 06:44 AM - edited 03-11-2019 06:25 AM
Hi,
When I try to ssh to a certain host my connection gets denied for some reason.
I get the following error message:
6 Aug 05 2008 14:26:37 106015 192.168.1.31 192.168.200.2 Deny TCP (no connection) from 192.168.1.31/46587 to 192.168.200.2/22 flags RST on interface inside
The security appliance discarded a TCP packet that has no associated connection in the security appliance table
Any ideas?
08-05-2008 06:56 AM
Check your access-lists
08-05-2008 07:00 AM
I'm not sure the access lists are at fault here. Could you be a bit more specific?
08-05-2008 07:03 AM
I have seen this in two instances:-
1) An ACL on the inside interface blocking ssh access to a host beyond the pix/asa - hence the rst.
2) You are actually trying to ssh to the pix/asa and you have not configured ssh access on the inside interface; the pix/asa will send a rst and not just drop.
I am presuming that it's not option 2, so I would double check ACLs.
HTH
08-05-2008 07:01 AM
Can you put your ACL and NAT config?
08-05-2008 11:19 PM
08-06-2008 12:07 AM
Since you changed the NAT from the inside to the DMZ - did you perform a "clear xlate"?
Are the relevant services on the machine actually running - have you performed a packet capture on the remote machine to see if the requests are actually hitting it?
Do you see any hit counters on the acl:-
access-list inside_access_in extended permit ip 192.168.1.0 255.255.255.0 192.168.200.0 255.255.255.0
Are you able to ping from 192.168.1.x to 192.168.200.x?
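To see which endpoint is sending the unmatched segments behind the 106015 message quoted in the first post, the following added example (not written by any poster in this thread) parses such lines and counts them per sender, destination, destination port, TCP flags and interface. Only the first sample line comes from the thread; the other lines are constructed, and the function names are illustrative.

```python
import re
from collections import Counter

# Body of ASA syslog 106015 in the form shown in the first post:
# "Deny TCP (no connection) from A/p to B/p flags F on interface I"
PATTERN = re.compile(
    r"106015\b.*?Deny TCP \(no connection\) "
    r"from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"flags (?P<flags>.+?)\s+on interface (?P<ifc>\S+)"
)

SAMPLE = [
    # Line from the thread (ASDM log viewer layout)
    "6 Aug 05 2008 14:26:37 106015 192.168.1.31 192.168.200.2 Deny TCP (no connection) "
    "from 192.168.1.31/46587 to 192.168.200.2/22 flags RST on interface inside",
    # Constructed lines below, for illustration only
    "6 Aug 05 2008 14:26:40 106015 192.168.1.31 192.168.200.2 Deny TCP (no connection) "
    "from 192.168.1.31/46590 to 192.168.200.2/22 flags RST on interface inside",
    "%ASA-6-106015: Deny TCP (no connection) from 192.168.200.2/22 "
    "to 192.168.1.31/46593 flags SYN ACK on interface dmz",
    "%ASA-5-111008: User 'enable_15' executed the 'clear xlate' command.",
]

def parse_106015(line):
    """Return the fields of one 106015 message, or None for any other line."""
    m = PATTERN.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    rec["flags"] = tuple(rec["flags"].split())  # e.g. ("SYN", "ACK")
    return rec

def summarize(lines):
    """Count 106015 hits per (sender, receiver, dest port, flags, interface)."""
    counts = Counter()
    for line in lines:
        rec = parse_106015(line)
        if rec is not None:
            key = (rec["src"], rec["dst"], rec["dport"], rec["flags"], rec["ifc"])
            counts[key] += 1
    return counts.most_common()

if __name__ == "__main__":
    for key, n in summarize(SAMPLE):
        print(n, key)
```

A sender/flags/interface combination that repeats, as with the RST from 192.168.1.31 on the inside interface here, tells you on which side of the appliance to run the packet capture.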