I haven't changed the config since last night (but the tunnel has been brought down and back up again due to a router reboot) and I'm back to getting instant "Connection resets" when I try and connect to the ASA inside interface IP across the VPN. I can SSH to the internet IP (true outside) of the ASA without issue with just "ssh 255.255.255.255 outside"
It would appear that the connection to port 22 (SSH) on the ASA is torn down immediately - hence the "Connection Reset" message.
#Ssh tunnel manager Pc#
Not sure if this is relevant but these appear to be the pertinent lines from my debug log when I try and make a connection from my PC at the remote end of the tunnel (10.0.0.125) to the ASA (10.27.0.1):
I am unable to SSH to the ASA from the 10.0.0.x range, but I can SSH to a machine on 10.27.0.4 (so I know the tunnel is up and working)Ĭonfig (minus irrelevant sensitive information) is attached for reference.Īlso - though I'm not sure how relevant it is given the tunnels appear to work - when I enter the line "crypto map meepnet-map interface outside" in config mode the ASA reports "WARNING: The crypto map entry is incomplete!" even though I have supplied the access-list, peer and transform-set variables. I had always presumed that traffic over an established IPSEC tunnel was implicitly trusted and not subject to usual access-list rules. It seems as if the ASA is actively refusing the connection, though the log doesn't state this. Unfortunately when I try and SSH to the ASA the connection just resets instantly even when the tunnel is up. Just bought myself an ASA5505 to replace a PIX 501, and having transferred over most of the previous config I've managed to get the two IPSEC VPN tunnels working as before.
0 kommentar(er)
