SSH stops in dual ISP setup

ASA 7.2(4)

I have (painfully!) successfully configured a site with dual ISPs, several site-to-site VPNs (that don't fail over), inbound forwards, etc. The only remaining issue is SSH. Prior to adding a 2nd ISP, SSH on both inside and outside worked fine as expected. When both ISP interfaces are active and traffic is moving over the primary, SSH is "flaky" on all 3 interfaces. The monitoring tool shows it going up and down, and this is confirmed when I actually try to connect to it. Stumped. Sanitized config attached, but to me, the only relevant part is ...

ssh 0.0.0.0 0.0.0.0 inside

ssh 67.xxx.xxx.0 255.255.255.0 outside

ssh 67.xxx.xxx.0 255.255.255.0 cable

ssh timeout 15

I could possibly understand if the interface not currently being used timed out due to a lack of a route back, but all 3 interfaces are failing. As soon as one of the 2 wan interfaces is unplugged, ssh is fine on the other 2.

Thanks

Ed


Accepted Solutions

Yes, the return route could be an issue. I understand you are trying to SSH from the internet and not over the VPN tunnel.

Can you check if it behaves the same way when you try to access ASDM?

Can you console into the ASA and gather captures from both of the ASA's internet-facing interfaces while you attempt SSH?

Mohit Paul CCIE-Security 35496
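
One way to read the captures requested above, as an added example that is not part of the original thread: it pairs each SSH SYN with its SYN-ACK across the `outside` and `cable` captures to show whether the reply appears on the same interface, on the other one, or not at all. The sample lines are constructed in the tcpdump-like style assumed for `show capture` output, the addresses are documentation ranges, and `parse` and `classify` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample captures, one per internet-facing interface (not from the thread).
# Assumed line style: "<n>: <time> <src>.<sport> > <dst>.<dport>: <flags> ..."
SAMPLE = {
    "outside": """
   1: 10:01:02.100000 198.51.100.7.40001 > 203.0.113.2.22: S 100:100(0) win 8192
   2: 10:01:02.100400 203.0.113.2.22 > 198.51.100.7.40001: S 900:900(0) ack 101 win 8192
   3: 10:01:09.500000 198.51.100.7.40002 > 203.0.113.2.22: S 200:200(0) win 8192
   4: 10:01:12.500000 198.51.100.7.40002 > 203.0.113.2.22: S 200:200(0) win 8192
""",
    "cable": """
   1: 10:01:09.500300 203.0.113.2.22 > 198.51.100.7.40002: S 950:950(0) ack 201 win 8192
   2: 10:02:00.000000 198.51.100.9.40003 > 203.0.113.130.22: S 300:300(0) win 8192
""",
}

LINE = re.compile(r"(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (\S+)(.*)")

def parse(text):
    """Yield (src, sport, dst, dport, flags, has_ack) for each packet line."""
    for raw in text.splitlines():
        m = LINE.search(raw)
        if m:
            src, sport, dst, dport, flags, rest = m.groups()
            yield src, int(sport), dst, int(dport), flags, " ack " in rest

def classify(captures, port=22):
    """Map each inbound SYN flow (client, client_port, server) to a verdict."""
    syn_if, synack_ifs = {}, defaultdict(set)
    for ifname, text in captures.items():
        for src, sport, dst, dport, flags, has_ack in parse(text):
            if "S" not in flags:
                continue                      # only handshake packets matter here
            if dport == port and not has_ack:
                syn_if.setdefault((src, sport, dst), ifname)      # first SYN wins
            elif sport == port and has_ack:
                synack_ifs[(dst, dport, src)].add(ifname)         # reply direction
    verdicts = {}
    for flow, ifname in syn_if.items():
        replies = synack_ifs.get(flow, set())
        if ifname in replies:
            verdicts[flow] = "answered on " + ifname
        elif replies:
            verdicts[flow] = "SYN on %s, SYN-ACK on %s" % (ifname, ",".join(sorted(replies)))
        else:
            verdicts[flow] = "SYN on %s, no SYN-ACK captured" % ifname
    return verdicts
```

A flow reported as anything other than "answered on" the interface where its SYN arrived is the one to compare against the routing table for that source address.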