Community Member

Cisco IPS 7.2 is unable to login (blocking host) ASA 5505 9.0(3) with SSH2

I've been banging my head against this for a while now and I'm finally gonna reach out and ask for help. I've been trying to get my IPS to issue shuns to my ASA. I'm suspecting a cipher problem. The ASA uses TACACS for AAA and the TACACS server is saying "Bad password". I'm able to log in to the ASA with the IPS username/pass just fine. Output of ASA below.

 

SSH1: SSH client: IP = '10.1.6.50'  interface # = 3
SSH: host key initialised
SSH1: starting SSH control process
SSH1: Exchanging versions - SSH-2.0-Cisco-1.25

SSH1: send SSH message: outdata is NULL

server version string:SSH-2.0-Cisco-1.25SSH1: receive SSH message: 83 (83)
SSH1: client version is - SSH-2.0-OpenSSH_5.9

client version string:SSH-2.0-OpenSSH_5.9
SSH2 1: SSH2_MSG_KEXINIT sent
SSH2 1: SSH2_MSG_KEXINIT received
SSH2: kex: client->server aes128-cbc hmac-md5 none
SSH2: kex: server->client aes128-cbc hmac-md5 none
SSH2 1: expecting SSH2_MSG_KEXDH_INIT
SSH2 1: SSH2_MSG_KEXDH_INIT received
SSH2 1: signature length 143
SSH2: kex_derive_keys complete
SSH2 1: newkeys: mode 1
SSH2 1: SSH2_MSG_NEWKEYS sent
SSH2 1: waiting for SSH2_MSG_NEWKEYSSSH1: TCP read failed, error code = 0x86300003 "TCP connection closed"
SSH1: receive SSH message: [no message ID: variable *data is NULL]

SSH2 1: ssh_send unsuccessful
SSH2 0: Unexpected mesg type receivedSSH1: Session disconnected by SSH server - error 0x00 "Internal error"
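
Added example, not part of the original post and not Cisco code: a small Python parser for the ASA debug output above that reports the negotiated algorithms and the last handshake milestone logged before the connection closed. The stage names and the legacy-algorithm rule (CBC ciphers, MD5-based MACs) are assumptions of this example; the message strings it matches are the ones in the post.

```python
import re

# Excerpt of the debug output from the post (fused lines kept as logged).
SAMPLE = """\
SSH1: Exchanging versions - SSH-2.0-Cisco-1.25
SSH1: client version is - SSH-2.0-OpenSSH_5.9
SSH2 1: SSH2_MSG_KEXINIT sent
SSH2 1: SSH2_MSG_KEXINIT received
SSH2: kex: client->server aes128-cbc hmac-md5 none
SSH2: kex: server->client aes128-cbc hmac-md5 none
SSH2 1: SSH2_MSG_KEXDH_INIT received
SSH2: kex_derive_keys complete
SSH2 1: SSH2_MSG_NEWKEYS sent
SSH2 1: waiting for SSH2_MSG_NEWKEYSSSH1: TCP read failed, error code = 0x86300003 "TCP connection closed"
"""

# Server-side milestones in the order they appear in the post's log.
# The stage names are labels chosen for this example.
STAGES = [
    ("versions", r"client version is - \S+"),
    ("kexinit", r"SSH2_MSG_KEXINIT received"),
    ("kexdh_init", r"SSH2_MSG_KEXDH_INIT received"),
    ("keys_derived", r"kex_derive_keys complete"),
    ("newkeys_sent", r"SSH2_MSG_NEWKEYS sent"),
]

def summarize(debug_text):
    """Summarize one SSH session from ASA debug output."""
    client = re.search(r"client version is - (\S+)", debug_text)
    # Map each direction to its negotiated (cipher, MAC) pair.
    algs = {d: (c, m) for d, c, m in re.findall(
        r"kex: (client->server|server->client) (\S+) (\S+)", debug_text)}
    reached = [name for name, pat in STAGES if re.search(pat, debug_text)]
    negotiated = {a for pair in algs.values() for a in pair}
    return {
        "client": client.group(1) if client else None,
        "algorithms": algs,
        "last_stage": reached[-1] if reached else None,
        # Example policy (assumption): flag CBC ciphers and MD5 MACs.
        "legacy": sorted(a for a in negotiated
                         if a.endswith("-cbc") or "md5" in a),
        # True when TCP closed while the ASA still awaited the peer's NEWKEYS.
        "closed_before_client_newkeys": bool(re.search(
            r"waiting for SSH2_MSG_NEWKEYS.*?TCP connection closed",
            debug_text, re.S)),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

On the posted log this reports `newkeys_sent` as the last milestone, with the TCP close logged while the ASA was still waiting for the client's NEWKEYS message.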

 

 

1 REPLY
Community Member

Help?

