Problem with sending SSH2 traffic over a site-to-site VPN using a Cisco PIX and a Cisco ASA
Posted on 2010-01-08
I am trying to send SSH2 traffic over a site-to-site VPN connection, using a Cisco PIX on the tunnel-origination side, and a Cisco ASA on the remote side. The Cisco PIX is running IOS version 6.3(5). The ASA is running IOS 7.2.
To give some background, the VPN is configured so that when someone on the PIX side attempts a connection, their traffic is forwarded to a TACACS server which prompts them for their company network username and password. Once the person successfully enters their credentials, the traffic is then sent back to the PIX and the tunnel is initiated. This works fine with a telnet connection attempt.
With an SSH connection attempt (we use SSH2), we do not receive the prompt to authenticate with our network username and password, but only receive the message 'Failed to connect.' We are attempting the SSH connection using the SmarTerm terminal emulator (version 13.0.0).
When I do a 'debug SSH' on the PIX and then try the SSH connection, nothing is reported on the PIX, as if the traffic didn't even hit the PIX.
My network group tells me the core switch, which passes the traffic between the PIX and TACACS server, does not discriminate between telnet and SSH traffic.
Do I need to enable SSH on the PIX? If so, do you know how? I searched Cisco's documentation on their web site but saw nothing about enabling SSH on a PIX.
Any thoughts on this one are appreciated.
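The useful first check in a case like this is to establish what the client actually gets back on TCP port 22 before involving the firewall at all: a refused connection, a handshake that never completes, a silent socket, an SSH identification string from the real server, or a plain-text prompt from a device in the path (a cut-through proxy answers a Telnet session with a "Username:" style prompt, which is what the telnet test above sees). The probe below is an added example written for this post, not code from the poster or from Cisco; it only reads the first line the peer sends, so it never negotiates keys or logs in. The local banner text and the "Username: " prompt in the helper are constructed sample values for running it offline.

```python
import socket
import threading

# Constructed sample identification string (RFC 4253 section 4.2 format), used only by the local test server.
SAMPLE_BANNER = b"SSH-2.0-OpenSSH_5.3\r\n"


def classify_ssh_endpoint(host, port=22, timeout=3.0):
    """Connect to host:port and read the first line the peer sends.

    Returns a (status, detail) tuple:
      ('ssh', ident)       SSH identification string received, e.g. 'SSH-2.0-OpenSSH_5.3'
      ('not-ssh', line)    TCP connected but the first line is not an SSH banner
                           (e.g. a proxy's username prompt answering on the port)
      ('silent', '')       TCP connected but nothing arrived before the timeout
      ('refused', '')      TCP reset: port closed, or reset by a device in the path
      ('timeout', '')      no TCP handshake at all: filtered, or no route to the peer
      ('error', message)   any other socket-level failure
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = b""
            try:
                # The identification string is at most 255 bytes and ends in CR LF.
                while b"\n" not in data and len(data) < 255:
                    chunk = s.recv(255 - len(data))
                    if not chunk:          # peer closed without a newline
                        break
                    data += chunk
            except socket.timeout:
                return ("silent", "")
    except ConnectionRefusedError:
        return ("refused", "")
    except (socket.timeout, TimeoutError):
        return ("timeout", "")
    except OSError as exc:
        return ("error", str(exc))
    line = data.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
    if line.startswith("SSH-"):
        return ("ssh", line)
    return ("not-ssh", line)


def serve_banner_once(banner, host="127.0.0.1"):
    """Start a one-shot local listener that sends `banner` and closes; returns its port.

    Test helper only: stands in for the remote SSH server (or for a proxy prompt)
    so the probe can be exercised without any network.
    """
    srv = socket.socket()
    srv.bind((host, 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def unused_local_port(host="127.0.0.1"):
    """Return a port number that nothing is listening on (for the 'refused' case)."""
    s = socket.socket()
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    # Against the local stand-in server; point it at the real remote host:22 to test the tunnel.
    port = serve_banner_once(SAMPLE_BANNER)
    print(classify_ssh_endpoint("127.0.0.1", port))
```

Run it from the PIX-side workstation against the remote host's port 22 and against port 23 and compare: 'not-ssh' with a username prompt on 23 but 'refused' or 'timeout' on 22 means the SSH session is being dropped or reset before it reaches the far end, while 'ssh' on 22 means the path is fine and the failure is in the client's own negotiation.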