Sounds good. We'll be here when you're ready!
Cheers.
Regards,
Jay McMickle- 2x CCIE #35355 (R/S,Sec)
Sent from my iPhone 5
On Sep 4, 2013, at 9:00 PM, Anthony Bonilla <anthonybonilla.ccie_at_gmail.com>
wrote:
> Thanks a lot Jay - as always, you all guys are just great!
>
> As I mentioned in one of my emails that few of these devices have been
working fine for months and all of a sudden, we lose access (both via SSH and
ASDM) - I guess I should look through logs to see if anyone changed anything
but for the most part nothing has been changed. Also source network has not
been changed either. In the past, I have been able to restore access by once
rebooting and second time by regenerating the RSA key - I will give both a
shot tomorrow but thought it can't hurt to ask the group why it happens so
frequently with ASAs (IOS issue or SSH? As per TAC, this was the issue with
SSH keys and not their hardware obviously :)).. I will advise how my
troubleshooting goes later on.
>
>
> On Wed, Sep 4, 2013 at 9:44 PM, Jay McMickle <jay.mcmickle_at_yahoo.com>
wrote:
>> This could be a list of reasons. If we are sure that you've been able to
connect to them via SSH/ASDM, and the access is sporadic, could it be the
source network you are coming from? Do you have a backup config that would
show the http server or ssh commands that would define the allowed sources?
>>
>> If it's possible that access is not working sporadically (whether it was
working at one point or not), is it possible that someone added an SSL cert or
changed the domain-name on the ASA and voided the ssh key?
>>
>> Is it possible that the transport has changed or that you use to access
locally but now the access is over a L2L tunnel (known issue)?
>>
>> I can run through a list of reasons why this may not be working. When it.
Ones down to it, you need a running config to troubleshoot, or at least a
console connection to debug.
>>
>> Let the group know how we can help.
>>
>> Regards,
>> Jay McMickle- 2x CCIE #35355 (R/S,Sec)
>> Sent from my iPhone 5
>>
>> On Sep 4, 2013, at 4:36 PM, Anthony <anthonybonilla.ccie_at_gmail.com> wrote:
>>
>> > Yeah, I had access to devices before and nothing was changed before
access was
>> > lost :(
>> >
>> >
>> > On Sep 4, 2013, at 5:28 PM, Haroon <itguy.pro_at_gmail.com> wrote:
>> >
>> >> your ip allowed to connect on ssh/asdm? telnet? management allowed on
>> > interface you are trying to hit? need to do console one time to fix this
one.
>> >>
>> >>
>> >> On Wed, Sep 4, 2013 at 4:42 PM, Anthony Bonilla
>> > <anthonybonilla.ccie_at_gmail.com> wrote:
>> >>> Team,
>> >>>
>> >>> We have a whole bunch of Cisco ASA 5500 firewalls being used at head
end
>> >>> and at branches and at times, I have noticed that I am unable to
connect
>> > to
>> >>> one of the remote devices via SSH and/or ASDM (it can't connect).
>> >>> Apparently, rebooting the device does not help either. I was wondering
if
>> >>> anyone else has experienced this issue and if so, what is the best way
to
>> >>> resolve it? BTW, I don't have any remote console solutions for these
>> >>> devices and have to get someone to console in to fix it but wondering
if
>> >>> there is a better way for me to take care of issue remotely or avoid
>> >>> all together? Please let me know if possible. TIA.
>> >>>
>> >>> Tony
>> >>>
>> >>>
>> >>> Blogs and organic groups at http://www.ccie.net
>> >>>
>> >>>
Received on Wed Sep 04 2013 - 21:04:47 ART
This archive was generated by hypermail 2.2.0 : Tue Oct 01 2013 - 06:36:35 ART