I'm not sure what's missing here. I moved a FW over the weekend and now only have console access. It's a 5520 running 8.0(3). From the config I have the usual:
ssh scopy enable
ssh 10.x.0.0 255.255.0.0 Axx
ssh timeout 10
ssh version 2
telnet 10.x.0.0 255.255.0.0 Axx
telnet timeout 120
- I've zeroized and regenerated the rsa key.
- The Axx int is up and up and I can ping it from the 10.x.0.0 network. Axx is also the inside interface security-100. Management0/0 is in shutdown.
The following logs are generated when telnetting and ssh respectively (same except for d-port):
17:03:03: %ASA-6-302013: Built inbound TCP connection 8100 for ASG:10.x.14.14/1898 (10.x.14.14/1898) to NP Identity Ifc:10.x.109.10/23 (10.x.109.10/23)
17:03:03: %ASA-6-302014: Teardown TCP connection 8100 for ASG:10.x.14.14/1898 to NP Identity Ifc:10.x.109.10/23 duration 0:00:00 bytes 0 TCP Reset-I
17:19:41: %ASA-6-302013: Built inbound TCP connection 8270 for ASG:10.x.0.60/33251 (10.x.0.60/33251) to NP Identity Ifc:10.x.109.10/22 (10.x.109.10/22)
17:19:41: %ASA-6-302014: Teardown TCP connection 8270 for ASG:10.x.0.60/33251 to NP Identity Ifc:10.x.109.10/22 duration 0:00:00 bytes 0 TCP Reset-I
From PuTTY I just get "Network error: Software caused connection abort". From OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 I get a "ssh_exchange_identification: read: Connection reset by peer" and back to bash prompt
Both these clients worked fine on this FW before the power-down and move and still work on all other ASAs and PIXs and ... Very little luck finding anything on Web.
SSH2 0: Unexpected mesg type received
SSH0: Session disconnected by SSH server - error 0x00 "Internal error"
... but as it's a/hrs here I thought "stuff it" and rebooted. It is not the first time it has gone down since the weekend tho. Then when I tried my trusty linux SSH I was again denied but this time with the good looking "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!"
I deleted the key in known_hosts and now I am back in. But I don't understand it as telnet would not work either, now it does of course.
I hate 'fixing' things with a reboot ... it's so, like, microsoft :)