11-16-2009 03:16 AM
I have a pair of ISG 2000 firewalls in active passive mode, and have an issue with SSH on the passive device.
All SSH works perfectly to the active device, and I can connect and authenticate successfully to the passive device.
But...as soon as I connect responsiveness is extremely slow and when I run a get conf for example i get partial output and it closes the SSH session with Message Authentication Code Data Intregrity failure error message.
'Message Authentication Code did not verify (packet #51). Data Integrity has been comprimised.'
I have tried this from different clients machines using both Putty and SecureCRT and have the same result, so Im pretty convinced this is a problem with the device.
SSH is configured correctly on both devices, and I have tried to remove/recreate the host keys and this has not resolved the issue.
FW(M)-> get ssh
SSH V2 is active
SSH is enabled
SSH is ready for connections
Maximum sessions: 24
12-01-2009 02:23 AM
i had already run the debug and from the output didnt find anything out the ordinary.
Turns out this is not just an SSH issue though, during testing we failed over to the passive device to prove redundancy is working as expected, and as soon as it becomes the active device we are seeing more than 50% packet loss.
Looks like faulty hardware, will update when clarified.