Solved

enable ssh problem in asa 5505

Posted on 2013-06-22
Last Modified: 2013-08-02
I have an ASA5505. I was trying to enable SSH on this firewall; when I type "crypto key generate rsa 1024", the following error message appears: ERROR: % Invalid input detected at '^' marker. Does anyone know what went wrong? I'm using version 8.2(1).

Below are the configuration steps:


interface Vlan1
 nameif inside
 security-level 100
 ip address xxxxx 255.255.255.0

interface Vlan2
 nameif outside
 security-level 0
 ip address xxxxx 255.255.255.240

interface Ethernet0/0
 switchport access vlan 2

interface Ethernet0/1
no shut

interface Ethernet0/2
no shut

route outside 0.0.0.0 0.0.0.0 xxxxx 1

ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5

Question by:piaakit
7 Comments
 

Accepted Solution

by:Pete Long
Pete Long earned 800 total points
ID: 39267909
What if you just

cry key gen rsa

instead?

Assisted Solution

by:Pete Long
Pete Long earned 800 total points
ID: 39267911
What is the up arrow '^' pointing to as the error?

Does it do the same in enable mode?

Assisted Solution

by:MAG03
MAG03 earned 1200 total points
ID: 39285653
You are missing the modulus keyword.

crypto key generate rsa modulus 1024

You also need to add a domain name and username and password.

domain-name DOMAIN.com

username USERNAME password PASSWORD

and then tell SSH to use the locally configured user (unless you are using RADIUS or TACACS+):

aaa authentication ssh console LOCAL

Keep in mind that LOCAL is case-sensitive.
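
A pre-paste check for the commands discussed in this thread, as an added example that is not part of the original answers: it lints a planned ASA change script for the missing modulus keyword, a domain name, a local user, the case-sensitive LOCAL keyword, and ssh permit lines open to any source. The function name lint_asa_ssh and the sample script are constructed for illustration; whether an RSA key was actually generated is not checked.

```python
import re

# Constructed change script for illustration; names and addresses are made up.
PLANNED = """\
domain-name example.com
crypto key generate rsa 1024
username admin password CHANGE_ME
aaa authentication ssh console local
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
"""

SSH_PERMIT = re.compile(r"ssh (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3}) (\S+)$")

def lint_asa_ssh(script):
    """Return a list of findings for the SSH prerequisites named in this thread."""
    lines = [ln.strip() for ln in script.splitlines() if ln.strip()]
    findings = []
    if not any(re.match(r"domain-name \S+", ln) for ln in lines):
        findings.append("missing domain-name")
    if not any(re.match(r"username \S+ password \S+", ln) for ln in lines):
        findings.append("missing local username/password")
    # Per the answer above, the key size must follow the 'modulus' keyword.
    for ln in lines:
        if re.match(r"crypto key generate rsa \d+", ln):
            findings.append("keygen lacks 'modulus' keyword: " + ln)
    # Per the answer above, LOCAL is case-sensitive.
    aaa = [ln.split()[4:] for ln in lines
           if ln.startswith("aaa authentication ssh console")]
    if not aaa:
        findings.append("missing 'aaa authentication ssh console'")
    for groups in aaa:
        for g in groups:
            if g.upper() == "LOCAL" and g != "LOCAL":
                findings.append(f"'{g}' must be written LOCAL")
    # 'ssh <network> <mask> <interface>' lines decide who may connect at all.
    permits = [m.groups() for ln in lines if (m := SSH_PERMIT.match(ln))]
    if not permits:
        findings.append("no 'ssh <network> <mask> <interface>' permit line")
    for net, mask, ifname in permits:
        if (net, mask) == ("0.0.0.0", "0.0.0.0"):
            findings.append(f"ssh open to any source on '{ifname}'")
    return findings

if __name__ == "__main__":
    for finding in lint_asa_ssh(PLANNED):
        print("-", finding)
```
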

Author Comment

by:piaakit
ID: 39303519
Hi,

I have followed the above, but I see the error below. Any idea? Below are the settings of my ASA:


ciscoasa# sh run
: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
domain-name it2u.com
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.11.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 218.189.179.234 255.255.255.248
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
 shutdown
!
interface Ethernet0/3
 shutdown
!
interface Ethernet0/4
 shutdown
!
interface Ethernet0/5
 shutdown
!
interface Ethernet0/6
 shutdown
!
interface Ethernet0/7
 shutdown
!
ftp mode passive
dns server-group DefaultDNS
 domain-name it2u.com
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 218.188.179.233 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username CISCO password TYX7NfYD.Yf733Bn encrypted
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:d1f93c0d4adb93705c351aa1c5bb0d8f
: end

Assisted Solution

by:MAG03
MAG03 earned 1200 total points
ID: 39303766
Does your PC have connectivity with the ASA?

Author Comment

by:piaakit
ID: 39314894
I have fixed the above problem.

What do I do if I want to do the mapping below?

210.1.1.2 mapped to internal IP 10.0.0.1, and I want to open port 80.

Assisted Solution

by:MAG03
MAG03 earned 1200 total points
ID: 39315798
That is a completely different question from what you originally asked, but I will answer anyway.

Are there any other ports mapped to the 10.0.0.1 server?

If not you can do the following. Create a NAT statement and then create an ACL on the outside interface (or the interface where this IP is configured).

nat (inside,outside) 210.1.1.2 10.0.0.1

access-list outside-to-inside extended permit tcp any host 210.1.1.2 eq 80