Thanks a lot Jay - as always, you all guys are just great!
As I mentioned in one of my emails that few of these devices have been
working fine for months and all of a sudden, we lose access (both via SSH
and ASDM) - I guess I should look through logs to see if anyone changed
anything but for the most part nothing has been changed. Also source
network has not been changed either. In the past, I have been able to
restore access by once rebooting and second time by regenerating the RSA
key - I will give both a shot tomorrow but thought it can't hurt to ask the
group why it happens so frequently with ASAs (IOS issue or SSH? As per
TAC, this was the issue with SSH keys and not their hardware obviously
:)).. I will advise how my troubleshooting goes later on.
On Wed, Sep 4, 2013 at 9:44 PM, Jay McMickle <jay.mcmickle_at_yahoo.com> wrote:
> This could be a list of reasons. If we are sure that you've been able to
> connect to them via SSH/ASDM, and the access is sporadic, could it be the
> source network you are coming from? Do you have a backup config that would
> show the http server or ssh commands that would define the allowed sources?
>
> If it's possible that access is not working sporadically (whether it was
> working at one point or not), is it possible that someone added an SSL cert
> or changed the domain-name on the ASA and voided the ssh key?
>
> Is it possible that the transport has changed or that you use to access
> locally but now the access is over a L2L tunnel (known issue)?
>
> I can run through a list of reasons why this may not be working. When it.
> Ones down to it, you need a running config to troubleshoot, or at least a
> console connection to debug.
>
> Let the group know how we can help.
>
> Regards,
> Jay McMickle- 2x CCIE #35355 (R/S,Sec)
> Sent from my iPhone 5
>
> On Sep 4, 2013, at 4:36 PM, Anthony <anthonybonilla.ccie_at_gmail.com> wrote:
>
> > Yeah, I had access to devices before and nothing was changed before
> access was
> > lost :(
> >
> >
> > On Sep 4, 2013, at 5:28 PM, Haroon <itguy.pro_at_gmail.com> wrote:
> >
> >> your ip allowed to connect on ssh/asdm? telnet? management allowed on
> > interface you are trying to hit? need to do console one time to fix this
> one.
> >>
> >>
> >> On Wed, Sep 4, 2013 at 4:42 PM, Anthony Bonilla
> > <anthonybonilla.ccie_at_gmail.com> wrote:
> >>> Team,
> >>>
> >>> We have a whole bunch of Cisco ASA 5500 firewalls being used at head
> end
> >>> and at branches and at times, I have noticed that I am unable to
> connect
> > to
> >>> one of the remote devices via SSH and/or ASDM (it can't connect).
> >>> Apparently, rebooting the device does not help either. I was
> wondering if
> >>> anyone else has experienced this issue and if so, what is the best way
> to
> >>> resolve it? BTW, I don't have any remote console solutions for these
> >>> devices and have to get someone to console in to fix it but wondering
> if
> >>> there is a better way for me to take care of issue remotely or avoid
> >>> all together? Please let me know if possible. TIA.
> >>>
> >>> Tony
> >>>
> >>>
> >>> Blogs and organic groups at http://www.ccie.net
> >>>
> >>> _______________________________________________________________________
> >>> Subscription information may be found at:
> >>> http://www.groupstudy.com/list/CCIELab.html
> >>
> >>
> >>
> >> --
> >> Virtualization.net
> >> Post Jobs, News, Forums, Tutorials
> >> http://www.virtualization.net
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Wed Sep 04 2013 - 22:00:59 ART
This archive was generated by hypermail 2.2.0 : Tue Oct 01 2013 - 06:36:35 ART