
SSH Connection problem via Cloud Identity-Aware Proxy failed 4003

Hiya guys, I created a VM yesterday, and today in the morning I tried to access the SSH login and got an error saying:

 

Connection via Cloud Identity-Aware Proxy failed
Code: 4003
Reason: failed to connect to backend
Please ensure that:
- your user account has iap.tunnelInstances.accessViaIAP permission
- VM has a firewall rule that allows TCP ingress traffic from the IP range 35.235.240.0/20, port: 22
- you can make a proper https connection to the IAP for TCP hostname: tunnel.cloudproxy.app
You may be able to connect without using the Cloud Identity-Aware Proxy.
 
I tried to follow this FAQ of firewall rules and added port 22 and RDP 3389. Still not working.

Hi,

1. Check if your FW is configured properly: the FW ingress rule should contain this IP range 35.235.240.0/20 and port 22.
2. Check whether you have proper IAM permissions: IAP-secured Tunnel User assigned at your principal.
3. Check whether this API is enabled: Cloud Identity-Aware Proxy API.


 

cheers,
DamianS



Never mind, I found out that I didn't add port 22 to UFW, so I decided to use the Serial Console and was able to run `sudo ufw allow 22` and then reload. Now SSH is allowed to log in again.

 

I've marked this thread as solved. I just solved the problem myself.
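
The fix above shows that error 4003 can persist with a correct VPC firewall rule when the guest's own firewall still drops port 22. The following Python is an added example, not part of the thread and not Google's code: it checks both layers for the IAP range 35.235.240.0/20 from saved output of `gcloud compute firewall-rules list --format=json` and `sudo ufw status`. Function names and sample data are constructed; it assumes ufw's default deny-incoming policy and ignores VPC deny rules, priorities and target tags.

```python
import ipaddress
import re

IAP_RANGE = ipaddress.ip_network("35.235.240.0/20")  # source range named in the 4003 error

def covers_iap(cidr):
    """True if cidr is an IPv4 network containing the whole IAP range."""
    try:
        net = ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        return False
    return net.version == 4 and IAP_RANGE.subnet_of(net)

def port_in(ports, port):
    """GCP 'ports' entries are "22" or "1000-2000"; a missing list means every port."""
    return not ports or any(
        int(lo) <= port <= int(hi or lo)
        for lo, _, hi in (p.partition("-") for p in ports))

def vpc_allow_rules(rules, port=22):
    """Names of enabled ingress allow rules admitting IAP traffic on tcp/port."""
    return [r["name"] for r in rules
            if r.get("direction") == "INGRESS" and not r.get("disabled")
            and any(covers_iap(s) for s in r.get("sourceRanges", []))
            and any(a["IPProtocol"] in ("tcp", "all") and port_in(a.get("ports"), port)
                    for a in r.get("allowed", []))]

def ufw_allows(status, port=22):
    """True if ufw is inactive or lists an IPv4 ALLOW for tcp/port that covers IAP."""
    if re.search(r"^Status:\s*inactive", status, re.M):
        return True
    for m in re.finditer(r"^(\d+)(?:/(tcp|udp))?\s+ALLOW(?: IN)?\s+(\S+)", status, re.M):
        if int(m.group(1)) == port and m.group(2) != "udp":
            if m.group(3) == "Anywhere" or covers_iap(m.group(3)):
                return True
    return False

def blocked_layers(rules, ufw_status, port=22):
    """Layers still dropping IAP-to-VM traffic: 'vpc-firewall' and/or 'host-ufw'."""
    out = [] if vpc_allow_rules(rules, port) else ["vpc-firewall"]
    return out if ufw_allows(ufw_status, port) else out + ["host-ufw"]

# Constructed sample data mirroring the thread: VPC rule present, ufw missing port 22.
RULES = [{"name": "allow-iap-ssh", "direction": "INGRESS", "disabled": False,
          "sourceRanges": ["35.235.240.0/20"],
          "allowed": [{"IPProtocol": "tcp", "ports": ["22", "3389"]}]}]
UFW_BEFORE = "Status: active\n\nTo      Action  From\n--      ------  ----\n80/tcp  ALLOW   Anywhere\n"
UFW_AFTER = UFW_BEFORE + "22      ALLOW   Anywhere\n22 (v6) ALLOW   Anywhere (v6)\n"

if __name__ == "__main__":
    print(blocked_layers(RULES, UFW_BEFORE))  # guest firewall still drops port 22
    print(blocked_layers(RULES, UFW_AFTER))   # after port 22 is allowed in ufw
```
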

Hi Guys,

I tried to access the SSH login and got an error saying:

Connection via Cloud Identity-Aware Proxy failed
Code: 4003
Reason: failed to connect to backend
Please ensure that:
- your user account has iap.tunnelInstances.accessViaIAP permission
- VM has a firewall rule that allows TCP ingress traffic from the IP range 35.235.240.0/20, port: 22
- you can make a proper https connection to the IAP for TCP hostname: tunnel.cloudproxy.app
You may be able to connect without using the Cloud Identity-Aware Proxy.