cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1193
Views
0
Helpful
1
Replies

SSH stops in dual ISP setup

cuchara61
Level 1
Level 1

ASA 7.2(4)

I have (painfully!) sucessfully configured a site with dual ISP's, several site-to-site VPN's (that don't failover), inbound forwards, etc... The only remaining issue is SSH. Prior to adding a 2nd ISP, ssh on both inside and outside worked fine as expected. When both ISP interfaces are active and traffic is moving over the primary, SSH is "flakey" on all 3 interfaces. Monitoring tool shows it going up and down and is confirmed when I actually try to connect to it. Stumped. Sanitized config attached, but to me, the only relevant part is ...

ssh 0.0.0.0 0.0.0.0 inside

ssh 67.xxx.xxx.0 255.255.255.0 outside

ssh 67.xxx.xxx.0 255.255.255.0 cable

ssh timeout 15

I could possibly understand if the interface not currently being used timed out due to a lack of a route back, but all 3 interfaces are failing. As soon as one of the 2 wan interfaces is unplugged, ssh is fine on the other 2.

Thanks

Ed

1 Accepted Solution

Accepted Solutions

mopaul
Cisco Employee
Cisco Employee

yes, the return route could be an issue. I understand you are trying to SSH from the internet and not over the VPN tunnel.

Can you check if it behaves the same way when you try to access ASDM?

Can you console into the ASA and gather capture from ASA's both internet facing interfaces while you attempt SSH.

Mohit Paul CCIE-Security 35496 P.S Please do rate this post if you find it helpful to make it easier for others seeking answers to similar queries

View solution in original post

1 Reply 1

mopaul
Cisco Employee
Cisco Employee

yes, the return route could be an issue. I understand you are trying to SSH from the internet and not over the VPN tunnel.

Can you check if it behaves the same way when you try to access ASDM?

Can you console into the ASA and gather capture from ASA's both internet facing interfaces while you attempt SSH.

Mohit Paul CCIE-Security 35496 P.S Please do rate this post if you find it helpful to make it easier for others seeking answers to similar queries
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: