Cisco Bug: CSCta05045 - ASA - SSH to mgmt via vpn can fail.

Last Modified

Jan 24, 2018

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.0(4)

Description (partial)

Symptom:

SSH might not work on the Management interface when connected via VPN. 
In the logs you see this:

%ASA-7-609001: Built local-host identity:192.168.0.2
%ASA-6-302013: Built inbound TCP connection 1156 for management:192.168.1.5/1526 (192.168.1.5/1526) to identity:192.168.0.2/22 (192.168.0.2/22) (cisco-ldap)
%ASA-6-302014: Teardown TCP connection 1156 for management:192.168.1.5/1526 to identity:192.168.0.2/22 duration 0:00:00 bytes 0 Flow terminated by TCP Intercept (cisco-ldap)
%ASA-7-609002: Teardown local-host identity:192.168.0.2 duration 0:00:00
%ASA-7-609001: Built local-host identity:192.168.0.2
%ASA-6-302013: Built inbound TCP connection 1157 for management:192.168.1.5/1526 (192.168.1.5/1526) to identity:192.168.0.2/22 (192.168.0.2/22) (cisco-ldap)
%ASA-6-302014: Teardown TCP connection 1157 for management:192.168.1.5/1526 to identity:192.168.0.2/22 duration 0:00:00 bytes 0 TCP Reset-I (cisco-ldap)
%ASA-7-609002: Teardown local-host identity:192.168.0.2 duration 0:00:00
ASA(config)#

Conditions:

It is not well understood what leads to this condition. It can happen only when the SSH session is made via VPN. SSH to the interface itself works fine.
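
One way to spot this symptom in collected syslog, as an added example (not Cisco's code): it pairs each 302013 build with its 302014 teardown and reports SSH connections to the ASA itself (identity, port 22) that ended with 0 bytes and one of the two teardown reasons shown in the logs above. Connection 1158 in the sample and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Teardown reasons that appear in the symptom logs on this page.
REASONS = {"Flow terminated by TCP Intercept", "TCP Reset-I"}

BUILT = re.compile(
    r"%ASA-6-302013: Built inbound TCP connection (\d+) for "
    r"(\S+?):(\S+?)/\d+ .*? to identity:(\S+?)/22 ")
TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (\d+) for .*? "
    r"duration \S+ bytes (\d+) (.+?)(?: \([^()]*\))?$", re.M)

# Connections 1156/1157 are the page's log lines; 1158 is a constructed
# healthy session added so the filter has something to reject.
SAMPLE = """\
%ASA-6-302013: Built inbound TCP connection 1156 for management:192.168.1.5/1526 (192.168.1.5/1526) to identity:192.168.0.2/22 (192.168.0.2/22) (cisco-ldap)
%ASA-6-302014: Teardown TCP connection 1156 for management:192.168.1.5/1526 to identity:192.168.0.2/22 duration 0:00:00 bytes 0 Flow terminated by TCP Intercept (cisco-ldap)
%ASA-6-302013: Built inbound TCP connection 1157 for management:192.168.1.5/1526 (192.168.1.5/1526) to identity:192.168.0.2/22 (192.168.0.2/22) (cisco-ldap)
%ASA-6-302014: Teardown TCP connection 1157 for management:192.168.1.5/1526 to identity:192.168.0.2/22 duration 0:00:00 bytes 0 TCP Reset-I (cisco-ldap)
%ASA-6-302013: Built inbound TCP connection 1158 for management:192.168.1.9/40112 (192.168.1.9/40112) to identity:192.168.0.2/22 (192.168.0.2/22)
%ASA-6-302014: Teardown TCP connection 1158 for management:192.168.1.9/40112 to identity:192.168.0.2/22 duration 0:04:12 bytes 5120 TCP FINs
"""

def failed_mgmt_ssh(log_text):
    """Return to-the-box SSH connections torn down with zero bytes."""
    # Map connection id -> (interface, source IP, ASA IP) from the build lines.
    built = {m.group(1): m.groups()[1:] for m in BUILT.finditer(log_text)}
    hits = []
    for m in TEARDOWN.finditer(log_text):
        conn, nbytes, reason = m.groups()
        if conn in built and nbytes == "0" and reason in REASONS:
            ifc, src, dst = built[conn]
            hits.append({"conn": conn, "interface": ifc, "src": src,
                         "dst": dst, "reason": reason})
    return hits

def summarize(hits):
    """Count failed attempts per (source IP, ASA IP) pair."""
    return Counter((h["src"], h["dst"]) for h in hits)

if __name__ == "__main__":
    for hit in failed_mgmt_ssh(SAMPLE):
        print(hit)
```
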