Cisco Support Community

New Member

Unable to SSH

I am not able to SSH to the outside interface of the ASA when I log in to the VPN client. I belong to the tech support group. Can you help me? Please let me know if you need additional information. Attached is the config file. Thanks.

4 REPLIES
New Member

Re: Unable to SSH

Try SSH to the inside interface instead.

New Member

Re: Unable to SSH

Your 'ssh x.x.x.0 255.255.255.0 Outside' doesn't match your 'ip local pool vpnpool 192.168.101.1-192.168.101.250 mask 255.255.255.0', and since you are VPN'd in you must be getting an IP from that pool?

New Member

Re: Unable to SSH

Thanks, both of you. I added "ssh 192.168.101.0 255.255.255.0 Inside". I was able to SSH to the inside interface when I logged in to the VPN client.

May I ask you another question? Since I allow the VPN pool to SSH to the ASA, it means all VPN users can SSH to the ASA. Will it create a security issue for the ASA? Would you set it up this way? I want to be able to do administration when I log in to the VPN client. Thanks.

New Member

Re: Unable to SSH

Yes, you are correct, this could be considered insecure.

Since you are defining the users locally, why not assign your username a static IP (192.168.1.250) from the IP pool, and be sure to edit the pool to end at .249?

Use the 'vpn-framed-ip-address' command:

"   Enter the IP address and the net mask to be assigned to the client"

CiscoASA#1(config-username)# vpn-framed-ip-address ?

username mode commands/options:
  A.B.C.D  The IP address to be assigned to the client

After taking care of that, change your ssh/http (ASDM) permissions to only allow the single host instead of the range.

Good luck.
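
An added example, not part of the thread and not Cisco tooling: a small Python check that reads ASA configuration text and flags `ssh`/`http` permit rules that any dynamically assigned VPN pool address can still reach, which is the exposure discussed in the last two posts. The sample configuration is constructed from the commands quoted above and assumes the 192.168.101.0/24 pool from the thread; the username `admin1` and the function name `audit_mgmt_access` are hypothetical.

```python
import ipaddress
import re

# Constructed sample, modelled on the commands quoted in the thread.
# The username "admin1" is hypothetical.
SAMPLE_CONFIG = """\
ip local pool vpnpool 192.168.101.1-192.168.101.249 mask 255.255.255.0
username admin1 attributes
 vpn-framed-ip-address 192.168.101.250 255.255.255.0
ssh 192.168.101.0 255.255.255.0 Inside
ssh timeout 5
http server enable
http 192.168.101.250 255.255.255.255 Inside
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
POOL_RE = re.compile(rf"^ip local pool (\S+) {IP}-{IP}")
MGMT_RE = re.compile(rf"^(ssh|http) {IP} {IP} (\S+)$")
FRAMED_RE = re.compile(rf"^vpn-framed-ip-address {IP}")


def audit_mgmt_access(config):
    """Classify ssh/http permit rules against VPN pools and static VPN addresses.

    Returns (findings, ok): findings are rules reachable from a dynamically
    assigned pool address; ok are host rules matching a static VPN address
    that lies outside every pool.
    """
    pools, rules, static_ips = [], [], set()
    for line in (raw.strip() for raw in config.splitlines()):
        if m := POOL_RE.match(line):
            start, end = (int(ipaddress.ip_address(a)) for a in m.group(2, 3))
            pools.append((m[1], start, end))
        elif m := MGMT_RE.match(line):
            net = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
            rules.append((m[1], net, m[4]))
        elif m := FRAMED_RE.match(line):
            static_ips.add(ipaddress.ip_address(m[1]))
    findings, ok = [], []
    for proto, net, ifname in rules:
        lo, hi = int(net.network_address), int(net.broadcast_address)
        # A rule is exposed if its range overlaps any dynamically assigned pool.
        hit = [name for name, start, end in pools if lo <= end and start <= hi]
        if hit:
            findings.append((proto, str(net), ifname, hit[0]))
        elif net.num_addresses == 1 and net.network_address in static_ips:
            ok.append((proto, str(net), ifname))
    return findings, ok
```

A host rule is also reported as a finding when the pool still includes the static address, because that address could then be handed to another VPN user.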
