Issues with ssh/telnet via clientless vpn (java.io.IOException)
Good afternoon, everyone!
I just got a new Cisco ASA 5505 that we are going to use as a multi-purpose VPN concentrator for our organization. I have worked with ASA 5510 and 5520s before, so my expertise level is pretty high, but this one has me stumped.
Basically, I can log into my ASA's clientless vpn interface, select the ssh/telnet plugin, put in an address, but when I try to connect to a host on the inside network, it fails giving the error message "Sorry. Cound not connect to: <target ip> 23. Reason: java.io.IOException: Connection Failed."
I verified that the target devices have telnet and/or ssh open (I get the same error using either telnet or ssh to a suitable target). I have a laptop on the inside VLAN of the 5505 and it has a DHCP address from the ASA and the laptop can connect fine.
ASA version: 8.2.5
ASDM version: 6.4.5
So, what am I doing wrong?
Redacted configuration below:
enable password #### encrypted
passwd #### encrypted
switchport access vlan 2
ip address 172.16.255.235 255.255.248.0
ip address 20.###.###.24 255.255.255.224
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup outside
dns server-group DefaultDNS
access-list outside_access_in extended permit icmp any any echo
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit tcp any any eq https
access-list outside_access_in remark ike key exchange
access-list outside_access_in extended permit udp any any eq isakmp
access-list outside_access_in remark ipsec nat-t
access-list outside_access_in extended permit udp any any eq 4500
access-list outside_access_in remark l2tp
access-list outside_access_in extended permit udp any any eq 1701
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool confusedcomvpnpool 172.16.255.238-172.16.255.245 mask 255.255.248.0
ip verify reverse-path interface outside
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outside_access_in in interface outside