With an ASA is there a way for it to allow scp(port 22) traffic from a host to another host but deny ssh(port 22)? Obviously this an encrypted protocol but I do not know if there is some difference between the two that can be matched.
This is quite tricky but SCP is a protocol which uses SSH for data transfers. As per my knowledge it cannot be seperated. Rather SSH can be limited on the end devices or you can make the different port number to use SCP transfers.
A Quick and Brief information on how SCP works:
Normally, a client initiates an SSH connection to the remote host, and requests an SCP process to be started on the remote server. The remote SCP process can operate in one of two modes: source mode, which reads files (usually from disk) and sends them back to the client, or sink mode, which accepts the files sent by the client and writes them (usually to disk) on the remote host. For most SCP clients, source mode is generally triggered with the -f flag (from), while sink mode is triggered with -t (to). These flags are used internally and are not documented outside the SCP source code.
I do not believe what you want to do is possible while keeping port 22 in use for both. I suggest changing the port used for either SSH or SCP and then deny the port that the SSH protocol uses (22 unless that is the one you changed).
Please remember to select a correct answer and rate helpful posts
Please remember to rate and select a correct answer
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :