Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1507
Views
0
Helpful
9
Replies

Unable to SSH from Outside to ASA 5520

Pratik Prajapati
Level 1
Level 1

‎02-09-2012 10:39 AM - edited ‎03-11-2019 03:27 PM

I am unable to ssh to the cisco firewall from outside. Though when i telnet on port 22, i do get a reply Please see below.

Capture30.PNG

Below is my config

aaa authentication ssh console LOCAL

ssh 0.0.0.0 0.0.0.0 inside

ssh 0.0.0.0 0.0.0.0 outside

ssh timeout 5

console timeout 0

When i do a putty session i get a blank screen. Not sure why is it happening.

Labels:
0 Helpful
9 Replies 9

Kimberly Adams
Level 3
Level 3

‎02-09-2012 10:45 AM

Try adding the specific networks that are allowed to ssh to the inside and outside of your ASA.

Thanks,

Kimberly

Thanks and Cheers! Kimberly Please remember to rate helpful posts.
0 Helpful

tahequivoice
Level 2
Level 2

‎02-09-2012 10:50 AM

Did you generate the RSA key?  I find myself forgetting that one stinking thing and get locked out since I only use SSH.

cry key gen rsa mod 2048

0 Helpful

Pratik Prajapati
Level 1
Level 1

‎02-09-2012 10:55 AM

I did generate RSA key but i used 1024.

Also ssh works from inside. Only outside is the problem.

I tried adding specific networks too but no luck.

0 Helpful

ahmad82pkn
Level 2
Level 2
In response to Pratik Prajapati

‎02-09-2012 10:56 AM

any ACL on outside interface?

0 Helpful

varrao
Level 10
Level 10
In response to ahmad82pkn

‎02-09-2012 11:03 AM

Plz check if port 22 is used on the outside interface for any other service...

Chcek "show asp table socket".

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

Pratik Prajapati
Level 1
Level 1

‎02-09-2012 11:11 AM

below is the output of 'show asp table socket'

Protocol  Socket    Local Address               Foreign Address         State

SSL       0000a73f  192.168.6.1:443             0.0.0.0:*               LISTEN

TCP       0ad7604f  192.168.7.1:22              0.0.0.0:*               LISTEN

TCP       0ad7a17f  204.138.112.2:22            0.0.0.0:*               LISTEN

TCP       0ad7d1ef  192.168.6.1:23              0.0.0.0:*               LISTEN

TCP       0ad85148  192.168.7.1:22              192.168.7.10:49964      ESTAB

0 Helpful

tahequivoice
Level 2
Level 2
In response to Pratik Prajapati

‎02-09-2012 11:14 AM

What version IOS is it running and how long has it been up?   There are a couple versions out that have an issue with SSH that I ran into that show this problem, a reboot normally clears it up.

0 Helpful

varrao
Level 10
Level 10
In response to tahequivoice

‎02-09-2012 11:19 AM

Yes, a reboot might help or remove the outside interface ssh configuration, zeroise the crypto keys, the generate the rsa keys again and re-add the ssh outisde interface configuration.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

Pratik Prajapati
Level 1
Level 1

‎02-14-2012 09:57 AM

This is funny. We had a crypto map for some reason for that network thats why i wasnt able to do an ssh. but it works now. Thanks Guys.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card