04-01-2006 06:09 AM
hello,
I've configured the ASA to connect to outside using SSH ver 1/2, but I can't connect using SecureCRT and PuTTY SSH client software.
Additionally, I tried to connect to the outside of the ASA from a router with the ssh command,
but the result is the same.
Here is the configuration on the ASA.
Let me know why I can't connect to the ASA's outside interface.
ASA Version 7.1(2)
!
hostname ASA-5540
domain-name cisco.com
enable password xxxx
names
!
interface GigabitEthernet0/0
description *** Outside ***
nameif outside
security-level 0
ip address 192.168.200.2 255.255.255.0
!
interface GigabitEthernet0/1
description *** Inside ***
nameif inside
security-level 100
ip address 192.168.100.2 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
description ** Management Only ***
nameif Management
security-level 0
ip address 192.168.250.2 255.255.255.0
management-only
!
passwd xxxx
boot system disk0:/asa712-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name cisco.com
same-security-traffic permit inter-interface
pager lines 24
logging enable
logging asdm debugging
logging debug-trace
mtu outside 1500
mtu inside 1500
mtu Management 1500
no failover
asdm image disk0:/asdm512.bin
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 192.168.200.1 1
route inside 172.16.0.0 255.255.0.0 192.168.100.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username xxxx password xxxx privilege 15
username xxxx password xxxx privilege 15
http server enable
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 Management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 0.0.0.0 0.0.0.0 inside
telnet 0.0.0.0 0.0.0.0 Management
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
console timeout 0
management-access Management
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
ssl encryption des-sha1 rc4-md5
Cryptochecksum:xxxx
: end
[[[ Router ]]]
router#ssh -c des -l cisco 192.168.200.2
Password:
% Authentication failed.
[Connection to 192.168.200.2 closed by foreign host]
router#
04-03-2006 12:25 PM
You have to specify authentication method.
aaa authentication ssh console LOCAL
for example.
ssh x.x.x.x x.x.x.x inside|outside for added security
Hope this helps,
Thx
Jay
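An added example, not part of the original thread and not Cisco tooling: a small Python check that flags the two points raised in this answer (no SSH authentication method, and management access open to any source) in a saved configuration. The sample configuration is a constructed excerpt modelled on the one in the question, and the function name is hypothetical.

```python
import re

# Constructed excerpt: management-plane lines modelled on the configuration in the question.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
!
http 0.0.0.0 0.0.0.0 outside
telnet 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
"""

# <ssh|telnet|http> <address> <mask> <interface name>
MGMT_RE = re.compile(r"^(ssh|telnet|http)\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)$")

def audit_mgmt_access(config):
    """Return findings about SSH/Telnet/HTTP management access in an ASA-style config."""
    lines = [ln.strip() for ln in config.splitlines()]
    levels, name = {}, None  # nameif -> security-level
    for ln in lines:
        if ln.startswith("interface "):
            name = None
        elif ln.startswith("nameif "):
            name = ln.split()[1]
        elif ln.startswith("security-level ") and name:
            levels[name] = int(ln.split()[1])
    rules = [m.groups() for m in map(MGMT_RE.match, lines) if m]
    findings = []
    # The fix given in the thread: SSH is permitted but no authentication method is set.
    has_aaa = any(ln.startswith("aaa authentication ssh console ") for ln in lines)
    if any(rule[0] == "ssh" for rule in rules) and not has_aaa:
        findings.append("ssh permitted but 'aaa authentication ssh console' is missing")
    # The hardening hint in the thread: name a source range instead of any address.
    for proto, addr, mask, ifname in rules:
        if (addr, mask) == ("0.0.0.0", "0.0.0.0") and levels.get(ifname) == 0:
            findings.append(f"{proto} open to any source on '{ifname}' (security-level 0)")
    return findings

if __name__ == "__main__":
    for finding in audit_mgmt_access(SAMPLE_CONFIG):
        print(finding)
```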
04-03-2006 06:39 AM
Did you generate a key on the asa for the SSH?
crypto key generate rsa
Shot in the dark but I have seen it before.
DC
04-03-2006 09:56 AM
Scratch that last response. I see at the bottom of your post you are at least getting a password prompt. You probably need to set up the authentication for SSH:
aaa authentication ssh console LOCAL
DC
04-05-2006 01:01 AM
Thank you for your help.
I forgot the configuration...
Thank you.
04-05-2006 01:02 AM
Thank you for your help.
I forgot the configuration...
Thank you.