SSH Cisco ASA5505

Discussion in 'Cisco' started by Julius, Mar 14, 2008.

  1. Julius

    Julius Guest

    I have a new ASA5505 that I am using in transparent firewall mode.

    I can't figure out how to enable SSH and use it remotely?


    Any advice is appreciated!


    Thanks!
    Julius, Mar 14, 2008
    #1

  2. Julius

    Doan Guest

    On Fri, 14 Mar 2008, Julius wrote:

    > I have a new ASA5505 that I am using in transparent firewall mode.
    >
    > I can't figure out how to enable SSH and use it remotely?
    >
    >
    > Any advice is appreciated!
    >
    >
    > Thanks!


    First, generate your public/private keys with:
    crypto key generate rsa modulus <modulus_size>
    Second, enable ssh from the ip address that you want to manage the ASA
    from.
    ssh <ip> <mask> outside

    The ip address of the BVI is the management ip address.

    Doan
    Doan, Mar 15, 2008
    #2

  3. Julius

    Julius Guest

    On Mar 14, 9:00 pm, Doan <> wrote:
    > On Fri, 14 Mar 2008, Julius wrote:
    > > I have a new ASA5505 that I am using in transparent firewall mode.

    >
    > > I can't figure out how to enable SSH and use it remotely?

    >
    > > Any advice is appreciated!

    >
    > > Thanks!

    >
    > First, generate your public/private keys with:
    > crypto key generate rsa modulus <modulus_size>
    > Second, enable ssh from the ip address that you want to manage the ASA
    > from.
    > ssh <ip> <mask> outside
    >
    > The ip address of the BVI is the management ip address.
    >
    > Doan


    I have tried these steps and they only work on the inside interface. I
    am still not able to connect from the outside interface.

    I even tried

    ssh 0.0.0.0 0.0.0.0 outside

    and set a password.

    Am I missing something?
    Julius, Apr 11, 2008
    #3
  4. Julius

    Doan Guest

    On Fri, 11 Apr 2008, Julius wrote:

    > On Mar 14, 9:00 pm, Doan <> wrote:
    > > On Fri, 14 Mar 2008, Julius wrote:
    > > > I have a new ASA5505 that I am using in transparent firewall mode.

    > >
    > > > I can't figure out how to enable SSH and use it remotely?

    > >
    > > > Any advice is appreciated!

    > >
    > > > Thanks!

    > >
    > > First, generate your public/private keys with:
    > > crypto key generate rsa modulus <modulus_size>
    > > Second, enable ssh from the ip address that you want to manage the ASA
    > > from.
    > > ssh <ip> <mask> outside
    > >
    > > The ip address of the BVI is the management ip address.
    > >
    > > Doan

    >
    > I have tried these steps and they only work on the inside interface. I
    > am still not able to connect from the outside interface.
    >
    > I even tried
    >
    > ssh 0.0.0.0 0.0.0.0 outside
    >
    > and set a password.
    >
    > Am I missing something?
    >

    Do you have an access-list on the outside interface? Check to see if you
    are allowing ssh in.

    Doan
    Doan, Apr 11, 2008
    #4
  5. Julius

    Cisco Kid

    Joined:
    May 12, 2009
    Messages:
    1
    SSH must be in ACL - How to add an ACE to the ACL

    Yes, you must add an ACE to the incoming ACL of the interface. To do this, first use a "show run access-group" which will return:

    access-group [name] in interface [interface_name]

    where [name] is the name of the ACL. Next type "show access-list [name]" which will return something like:

    access-list [name]; 4 elements
    access-list [name] line 1 extended permit icmp any any echo-reply (hitcnt=0) 0xb4c01cc9
    access-list [name] line 2 extended permit icmp any any unreachable (hitcnt=210) 0x53e4469e
    access-list [name] line 3 extended permit icmp any any time-exceeded (hitcnt=0) 0x5e6e617b


    Notice that in this example the last line of the ACL is line 3. Yours will be different. Choose the next line, which in this example would be line 4. This will be the line number for your new ACE. Enter terminal configuration using "conf t" and then enter:

    access-list [name] line 4 extended permit tcp any host [external ip] eq ssh

    where [name] is the name of the ACL, the line number is whatever the next line in your ACL is, and [external ip] is the external ip address of your ASA.


    Since you are using transparent mode, the external ip address is just the ip address or name of the interface to which you will SSH.
    Cisco Kid, May 12, 2009
    #5
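
Added example, not part of Cisco Kid's post or of any Cisco tooling: a Python helper that follows the steps in post #5 (read the `show access-list [name]` output, take the next line number, emit the `access-list ... eq ssh` command) but takes a specific management source network instead of `any`. The ACL name `outside_in`, the addresses and the function names are assumptions made up for illustration.

```python
import ipaddress
import re

# Constructed sample of `show access-list [name]` output (ACL name is made up).
SAMPLE_SHOW_ACL = """\
access-list outside_in; 3 elements
access-list outside_in line 1 extended permit icmp any any echo-reply (hitcnt=0) 0xb4c01cc9
access-list outside_in line 2 extended permit icmp any any unreachable (hitcnt=210) 0x53e4469e
access-list outside_in line 3 extended permit icmp any any time-exceeded (hitcnt=0) 0x5e6e617b
"""

ACE_RE = re.compile(r"^access-list\s+(\S+)\s+line\s+(\d+)\s+extended\s+(.*)$")


def parse_acl(show_output):
    """Return (acl_name, {line_number: ace_text}) from the show output."""
    name, aces = None, {}
    for raw in show_output.splitlines():
        m = ACE_RE.match(raw.strip())
        if not m:
            continue  # header line ("...; N elements") or blank
        if name not in (None, m.group(1)):
            raise ValueError("output contains more than one ACL")
        name = m.group(1)
        aces[int(m.group(2))] = m.group(3)
    if name is None:
        raise ValueError("no numbered ACE lines found")
    return name, aces


def ssh_ace(show_output, mgmt_source, asa_ip):
    """Build the SSH permit ACE for the next free line of the ACL."""
    name, aces = parse_acl(show_output)
    next_line = max(aces) + 1
    net = ipaddress.IPv4Network(mgmt_source)   # rejects host bits set
    dst = ipaddress.IPv4Address(asa_ip)
    if net.prefixlen == 0:
        raise ValueError("source 0.0.0.0/0 is 'any'; name the management network")
    if net.prefixlen == 32:
        src = f"host {net.network_address}"
    else:
        src = f"{net.network_address} {net.netmask}"  # ASA ACLs take a netmask
    return (f"access-list {name} line {next_line} extended "
            f"permit tcp {src} host {dst} eq ssh")


if __name__ == "__main__":
    print(ssh_ace(SAMPLE_SHOW_ACL, "192.0.2.0/24", "198.51.100.10"))
```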