alanajjar Mon, 05/19/2008 - 06:35
User Badges:

Hi,

To enable ASA interfaces to reply on ping command, use the following command :


icmp permit ip_address net_mask [icmp_type] if_name


ip_address is the ips that will be allowed to ping.

icmp_type is the message type, its optional you can use any to enable all icmp messages.

if_name is the name of the interface which will be pinged.


example ,if you want to grant icmp on outside interface for host 10.1.1.1

then the command will be:


icmp permit host 10.1.1.1 outside


with regards

blue4cisco Mon, 05/19/2008 - 20:28
User Badges:

That's nice I try it.. can u tell me how do I access ASA cli mode remotely ?

alanajjar Mon, 05/19/2008 - 21:18
User Badges:

Hi,

You can access ASA CLI by using telnet or SSH. for telnet access configure these commands :


telnet ip_addr mask if_name


ip_address is the address or range of addresses that will grant access the ASA. example:


telnet 10.1.1.0 255.255.255.0 inside

to define password for telnet use the command :

passwd your_password


to use ssh, you need to define the following:

1- ssh ip_addr mask if_name

2- define a crypto key, use the command :

crypto key generate rsa general-keys

3- define the AAA authentication for users that will use ssh , use :


aaa authentication ssh console LOCAL


LOCAL word is case sensitive


4- define accounts for users to access the ASA :

username user password password


please rate the post if it solve the problem.


with regards

Actions

This Discussion