MezzutOzil
asked on
Why is the ASA firewall not accessible by ssh or telnet?
This is an ASA 5505 firewall, with both ssh and telnet configured to allow access from the Internet. There is a supporting router in front of the firewall. This router is a 1941, with both ssh and telnet accessible from the Internet. Currently, the firewall allows users to surf the Internet. The problem is that my global support team can't ssh/telnet to the firewall from the Internet. Why?
Please see the config files
asa5505-config.txt
router1941-config.txt
ASKER
Hi erniebeek,
Still the same. This time round, when trying ssh, I can see the ssh version, but not the user name prompt...
Ok,
What if you try to set up an ssh from the router to the firewall?
ASKER
Hi erniebeek,
I only see the SSH > SSH-1.99-Cisco-1.25
ASKER
Hi erniebeek,
Does any access list have to be set on the router interface(s)?
No, it's just routing so it should pass everything through.
I'm curious about that response though. What command did you give on the router to connect to the firewall? Could you show a screendump?
ASKER
Please see the updated asa 5505 config file...
asa5505-config2.txt
ASKER
Hi erniebeek,
I'm sorry, I don't really get you, can you tell me in more detail?
When you log on to the router and from there try to set up an SSH session to the firewall, like:
ssh -l ciscoadmin x.x.x.x with x.x.x.x being the public ip of the ASA
What do you see?
ASKER
Hi erniebeek,
I can connect to the firewall ASA without problem...
ASKER CERTIFIED SOLUTION
ASKER
Excellence!
Ah so the ISP did it :)
Glad it's solved. Thx for the points.
username test password test123
And tell the ASA to use local authentication:
aaa authentication ssh console LOCAL
Then a domain name:
domain-name mydomain.com
And create an RSA key:
crypto key generate rsa modulus 1024
Let's see how things go then.
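As an added example (not part of the thread and not code from any poster), the prerequisites listed in the reply above can be checked offline against a saved ASA running-config. The function names, the sample config and its addresses are constructed for illustration; the `ssh <network> <mask> <interface>` and `telnet ...` permit lines are standard ASA syntax that the thread itself does not quote, and the banner check covers the `SSH-1.99-Cisco-1.25` string the asker reported.

```python
import re

# Constructed sample config (not the asker's attachment); documentation address range.
SAMPLE_CONFIG = """\
hostname asa5505
domain-name mydomain.com
username test password test123
aaa authentication ssh console LOCAL
ssh 198.51.100.0 255.255.255.0 outside
telnet 0.0.0.0 0.0.0.0 inside
ssh timeout 5
"""

# Prerequisites named in the reply, as patterns over running-config lines.
CHECKS = {
    "local user": r"^username \S+ password \S+",
    "ssh uses LOCAL auth": r"^aaa authentication ssh console LOCAL\b",
    "domain-name set": r"^domain-name \S+",
}
# Management permit lines: <protocol> <network> <mask> <interface>
ALLOW = re.compile(r"^(ssh|telnet) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")

def audit(config, interface="outside"):
    """Return a list of findings for SSH management access on `interface`."""
    lines = [l.strip() for l in config.splitlines()]
    findings = []
    for name, pattern in CHECKS.items():
        if not any(re.search(pattern, l) for l in lines):
            findings.append(f"missing: {name}")
    allowed = [m.groups() for l in lines if (m := ALLOW.match(l))]
    if not any(p == "ssh" and i == interface for p, _, _, i in allowed):
        findings.append(f"missing: ssh permit on {interface}")
    for proto, net, mask, iface in allowed:
        if proto == "telnet":
            findings.append(f"cleartext: telnet enabled on {iface}")
        if mask == "0.0.0.0" and iface == interface:
            findings.append(f"wide open: {proto} from any address on {iface}")
    return findings

def banner_accepts_ssh1(banner):
    """True if the server banner advertises SSH protocol 1 (1.5) or
    compatibility mode (1.99, i.e. both protocol 1 and 2 are accepted)."""
    m = re.match(r"SSH-(\d+\.\d+)-", banner)
    return bool(m) and m.group(1) in ("1.5", "1.99")

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
    print("SSHv1 accepted:", banner_accepts_ssh1("SSH-1.99-Cisco-1.25"))
```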