ssh over vpn cisco

(OP)
Hello, I have a problem with SSH v2 connections through my Cisco ASA: sometimes the SSH connection is disconnected from the servers. We use an IPsec VPN and use it to connect to the server in the main office.

This is the configuration:
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 2:10:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

Even though the timeout conn is 1 hour, the connection goes down before that time. I don't know if this IOS version, ASA804-k8, has a bug and we are losing some connections. Also, we connect from Windows XP 64-bit to the Linux server; there is no timeout configured on the Linux server.

RE: ssh over vpn cisco

Well the connection value on the ASA (timeout conn 1:00:00) is only for idle time so I'm guessing that won't be a factor here.

I would start by checking the logs on the server (if they exist) and the logs on the ASA. Bump up the logging to level 7 and send it to a syslog server with the following commands:

CODE

logging enable
logging host inside <IP address>
logging trap 7

I quickly perused the Cisco bug toolkit for any SSH-related items on ASA 8.x but came up dry when I specifically looked for your issue.

You should also check the interfaces on the intermediary devices (switches/routers) for resets, link flaps, etc...

Rich
Network Engineer - CCNA
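
An added example, not part of the original thread: once the level 7 syslog is being collected, a short Python script can pull the ASA's TCP teardown messages (%ASA-6-302014) for port 22 and list the logged reason for every session that ended too early for the 1-hour idle timeout (timeout conn) to be the cause. It assumes the standard 302014 message layout; the log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import Counter

# %ASA-6-302014 is the ASA "Teardown TCP connection" syslog message.
TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (?P<id>\d+) for "
    r"(?P<src_if>[^:\s]+):(?P<src>[^/\s]+)/(?P<sport>\d+)(?: \([^)]*\))? to "
    r"(?P<dst_if>[^:\s]+):(?P<dst>[^/\s]+)/(?P<dport>\d+)(?: \([^)]*\))? "
    r"duration (?P<dur>\d+:\d\d:\d\d) bytes (?P<bytes>\d+)\s*(?P<reason>.*)$"
)

def seconds(hms):
    """Convert the ASA h:mm:ss duration field to seconds."""
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s

def ssh_teardowns(lines, idle_timeout=3600, port=22):
    """Return SSH teardowns whose total lifetime was shorter than the idle
    timeout, so 'timeout conn' cannot be what closed them."""
    hits = []
    for line in lines:
        m = TEARDOWN.search(line)
        if not m or port not in (int(m["sport"]), int(m["dport"])):
            continue
        dur = seconds(m["dur"])
        if dur < idle_timeout:
            hits.append({"id": m["id"], "src": m["src"], "dst": m["dst"],
                         "duration_s": dur, "bytes": int(m["bytes"]),
                         "reason": m["reason"].strip() or "(none logged)"})
    return hits

def reason_summary(hits):
    """Count early teardowns per logged reason."""
    return Counter(h["reason"] for h in hits)

# Constructed sample lines: addresses, ids and timestamps are made up.
SAMPLE = [
    "Mar 03 10:15:02 asa %ASA-6-302014: Teardown TCP connection 4411 for outside:10.20.0.15/51422 to inside:192.168.1.10/22 duration 0:12:41 bytes 88213 TCP Reset-O",
    "Mar 03 10:47:30 asa %ASA-6-302014: Teardown TCP connection 4498 for outside:10.20.0.15/51607 to inside:192.168.1.10/22 duration 0:31:05 bytes 1204 Tunnel has been torn down",
    "Mar 03 10:48:11 asa %ASA-6-302014: Teardown TCP connection 4502 for outside:10.20.0.15/51700 to inside:192.168.1.20/443 duration 0:00:09 bytes 5120 TCP FINs",
    "Mar 03 11:59:59 asa %ASA-6-302014: Teardown TCP connection 4390 for outside:10.20.0.15/51001 to inside:192.168.1.10/22 duration 1:00:00 bytes 300 Conn-timeout",
    "Mar 03 12:00:03 asa %ASA-6-302013: Built inbound TCP connection 4600 for outside:10.20.0.15/51999 (10.20.0.15/51999) to inside:192.168.1.10/22 (192.168.1.10/22)",
]

if __name__ == "__main__":
    for hit in ssh_teardowns(SAMPLE):
        print(hit)
    print(reason_summary(ssh_teardowns(SAMPLE)))
```

A reason such as a reset points at one of the endpoints or an intermediate device, while a tunnel teardown points at the VPN itself rather than the SSH session.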
