Solved: Re: ssh connection probelm on ASA.

johnyoon75 · ‎04-01-2006

hello,

I've configured to connect outside using ssh ver 1/2 on ASA. but i can't connect using SecureCRT and PuTTY ssh client software..

Additionally, I tred to connect outside of ASA from router witch ssh command.

but the result is the same..

Here is configuration on ASA.

Let me know why i can't connect ASA's outside interface.

ASA Version 7.1(2)

!

hostname ASA-5540

domain-name cisco.com

enable password xxxx

names

!

interface GigabitEthernet0/0

description *** Outside ***

nameif outside

security-level 0

ip address 192.168.200.2 255.255.255.0

!

interface GigabitEthernet0/1

description *** Inside ***

nameif inside

security-level 100

ip address 192.168.100.2 255.255.255.0

!

interface GigabitEthernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

description ** Management Only ***

nameif Management

security-level 0

ip address 192.168.250.2 255.255.255.0

management-only

!

passwd xxxx

boot system disk0:/asa712-k8.bin

ftp mode passive

dns server-group DefaultDNS

domain-name cisco.com

same-security-traffic permit inter-interface

pager lines 24

logging enable

logging asdm debugging

logging debug-trace

mtu outside 1500

mtu inside 1500

mtu Management 1500

no failover

asdm image disk0:/asdm512.bin

no asdm history enable

arp timeout 14400

route outside 0.0.0.0 0.0.0.0 192.168.200.1 1

route inside 172.16.0.0 255.255.0.0 192.168.100.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

username xxxx password xxxx

privilege 15

username xxxx password xxxx privilege 15

http server enable

http 0.0.0.0 0.0.0.0 outside

http 0.0.0.0 0.0.0.0 inside

http 0.0.0.0 0.0.0.0 Management

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet 0.0.0.0 0.0.0.0 inside

telnet 0.0.0.0 0.0.0.0 Management

telnet timeout 5

ssh 0.0.0.0 0.0.0.0 outside

ssh timeout 60

console timeout 0

management-access Management

!

class-map inspection_default

match default-inspection-traffic

!

policy-map global_policy

class inspection_default

inspect dns maximum-length 512

inspect ftp

inspect h323 h225

inspect h323 ras

inspect netbios

inspect rsh

inspect rtsp

inspect skinny

inspect esmtp

inspect sqlnet

inspect sunrpc

inspect tftp

inspect sip

inspect xdmcp

!

service-policy global_policy global

ssl encryption des-sha1 rc4-md5

Cryptochecksum:xxxx

: end

[[[ Router ]]]

router#ssh -c des -l cisco 192.168.200.2

Password:

% Authentication failed.

[Connection to 192.168.200.2 closed by foreign host]

router#

jaydhindsa · ‎04-03-2006

You have to specify authentication method.

aaa authentication ssh console LOCAL

for example.

ssh x.x.x.x x.x.x. inside|outside for added security

Hope this helps,

Thx

Jay

View solution in original post

davidecooper1967 · ‎04-03-2006

Did you generate a key on the asa for the SSH?

crypto key generate rsa

Shot in the dark but I have seen it before.

DC

davidecooper1967 · ‎04-03-2006

Scratch that last response. I see at the bottom of your post you are at least getting a password prompt. You probably need to set up the authentication for SSH

aaa authentication ssh console LOCAL

DC

johnyoon75 · ‎04-05-2006

Thank your for your helping.

I forgot the configuration...

Thank you.

jaydhindsa · ‎04-03-2006

You have to specify authentication method.

aaa authentication ssh console LOCAL

for example.

ssh x.x.x.x x.x.x. inside|outside for added security

Hope this helps,

Thx

Jay

johnyoon75 · ‎04-05-2006

Thank your for your helping.

I forgot the configuration...

Thank you.