chouckham

asked on

ssh remote access on Cisco ASA5510

Hi,

Can anyone help me to configure ssh remote access on the outside interface?
I've managed to set it up easily on our PIX 506E but on the ASA it's proving extremely difficult...

I'm sure I'm just forgetting something very basic but can't think what???

Thanks!

Craig
SOLUTION
Les Moore
Mikkk

I don't remember very well, but for accessing by ssh on it we had to create a new SSL certificate (an option on security) or something like this.
chouckham

ASKER

Hi Irmoore,

just tried to use "ca generate rsa key 1024"

the following was displayed:
"WARNING: the 'ca' command syntax has been deprecated
Please use the 'crypto key generate' command."

so now I'm entering the following: (to see what options I get)

crypto key generate rsa ?

it's giving me the following options:

general-keys
label
modulus
noconfirm
usage-keys

which one should I use? - general-keys or usage-keys?

thanks! :-)
You must first configure the hostname and domain-name in order to generate crypto keys:

router# config term
Router(config)#hostname [name]
Router(config)#ip domain-name [name]
router(config)#crypto key generate rsa usage-keys label [router-key]
The name for the keys will be: router-key
Choose the size of the key modulus in the range of 360 to 2048 for your
Signature Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
Choose the size of the key modulus in the range of 360 to 2048 for your
Encryption Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

router#sh ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
router#

...I think that's all
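
The session above is from an IOS router. As an added example (not part of any post in this thread), the same steps on an ASA look like the following; the hostname, domain, management address 203.0.113.10, username and password are placeholders, and a 2048-bit modulus is used in place of the 1024 shown above.

```cisco
! Added example, not from the thread. All names and addresses are placeholders.
configure terminal
 hostname asa5510
 domain-name example.com
 !
 ! Generate the key pair the SSH server will use. With neither
 ! general-keys nor usage-keys given, a general-purpose pair is created.
 crypto key generate rsa modulus 2048
 !
 ! SSH logins need an authentication source; here, the local user database.
 username admin password CHANGE-ME privilege 15
 aaa authentication ssh console LOCAL
 !
 ! Permit SSH on the outside interface from one management host only.
 ! A rule of "ssh 0.0.0.0 0.0.0.0 outside" would expose the management
 ! plane to the whole Internet.
 ssh 203.0.113.10 255.255.255.255 outside
 !
 ! Refuse SSHv1 clients and drop idle sessions after 5 minutes.
 ssh version 2
 ssh timeout 5
end
!
! Verify: key pair present, permitted hosts listed, active sessions.
show crypto key mypubkey rsa
show running-config ssh
show ssh sessions
!
! Save, so the key pair and configuration survive a reload.
write memory
```

On the ASA the domain is set with "domain-name" rather than "ip domain-name", and "show ip ssh" is an IOS command.
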
does it matter that it's a Cisco ASA firewall and not a router as in your example?

as the "show ip ssh" command doesn't work.


ASKER CERTIFIED SOLUTION
that's it sorted!!! :)

thanks so much guys for all your help!

Craig
You are welcome. Pleased to help