alanajjar Mon, 05/19/2008 - 06:35
User Badges:


To enable ASA interfaces to reply on ping command, use the following command :

icmp permit ip_address net_mask [icmp_type] if_name

ip_address is the ips that will be allowed to ping.

icmp_type is the message type, its optional you can use any to enable all icmp messages.

if_name is the name of the interface which will be pinged.

example ,if you want to grant icmp on outside interface for host

then the command will be:

icmp permit host outside

with regards

blue4cisco Mon, 05/19/2008 - 20:28
User Badges:

That's nice I try it.. can u tell me how do I access ASA cli mode remotely ?

alanajjar Mon, 05/19/2008 - 21:18
User Badges:


You can access ASA CLI by using telnet or SSH. for telnet access configure these commands :

telnet ip_addr mask if_name

ip_address is the address or range of addresses that will grant access the ASA. example:

telnet inside

to define password for telnet use the command :

passwd your_password

to use ssh, you need to define the following:

1- ssh ip_addr mask if_name

2- define a crypto key, use the command :

crypto key generate rsa general-keys

3- define the AAA authentication for users that will use ssh , use :

aaa authentication ssh console LOCAL

LOCAL word is case sensitive

4- define accounts for users to access the ASA :

username user password password

please rate the post if it solve the problem.

with regards


This Discussion