Solved

enable ssh problem in asa 5505

Posted on 2013-06-22
Last Modified: 2013-08-02
I have an ASA5505. I was trying to enable SSH on this firewall. When I type "crypto key generate rsa 1024", the following error message appears - ERROR: % Invalid input detected at '^' marker. Anyone know what went wrong? I'm using version 8.2(1).

Below are the configuration steps:


interface Vlan1
 nameif inside
 security-level 100
 ip address xxxxx 255.255.255.0

interface Vlan2
 nameif outside
 security-level 0
 ip address xxxxx 255.255.255.240

interface Ethernet0/0
 switchport access vlan 2

interface Ethernet0/1
 no shut

interface Ethernet0/2
 no shut

route outside 0.0.0.0 0.0.0.0 xxxxx 1

ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5

Question by:piaakit
LVL 57

Accepted Solution

by:
Pete Long earned 200 total points
ID: 39267909
What if you just

cry key gen rsa

instead?
0
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 200 total points
ID: 39267911
What is the up arrow '^' pointing to as the error?

Does it do the same in enable mode?
0
 
LVL 17

Assisted Solution

by:MAG03
MAG03 earned 300 total points
ID: 39285653
You are missing the modulus keyword.

crypto key generate rsa modulus 1024

You also need to add a domain name and username and password.

domain-name DOMAIN.com

username USERNAME password PASSWORD

and then tell SSH to use the locally configured user (unless you are using RADIUS or TACACS+):

aaa authentication ssh console LOCAL

Keep in mind that LOCAL is case-sensitive.
0
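The SSH prerequisites listed in the answer above can be checked offline against a saved running-config. The following is an added example, not part of the original thread or of any Cisco tool; the function name `audit_ssh` and the sample configuration are constructed for illustration. It also reports `ssh` rules that accept any source address, such as the `ssh 0.0.0.0 0.0.0.0 outside` line in the question.

```python
import re

# Constructed sample in "show running-config" form; addresses are documentation ranges.
SAMPLE_CONFIG = """\
hostname ciscoasa
domain-name example.com
interface Vlan2
 nameif outside
 security-level 0
 ip address 198.51.100.2 255.255.255.248
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.0.2.0 255.255.255.0 inside
ssh timeout 5
username admin password CONSTRUCTED-HASH encrypted
"""

SSH_RULE = re.compile(r"ssh (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")

def audit_ssh(config):
    """Return findings about SSH management access in an ASA running-config."""
    lines = [line.strip() for line in config.splitlines()]
    findings = []
    # Prerequisites listed in the answer: domain name, local user, AAA for SSH.
    if not any(l.startswith("domain-name ") for l in lines):
        findings.append("no domain-name configured")
    if not any(re.match(r"username \S+ password \S+", l) for l in lines):
        findings.append("no local username configured")
    aaa = [l.split()[4:] for l in lines
           if l.startswith("aaa authentication ssh console ")]
    if not aaa:
        findings.append("no 'aaa authentication ssh console' line")
    elif any(w.upper() == "LOCAL" and w != "LOCAL" for w in aaa[0]):
        findings.append("LOCAL must be upper case")
    # Exposure: source networks allowed to open SSH sessions, per interface.
    for l in lines:
        m = SSH_RULE.match(l)
        if m:
            prefix = sum(bin(int(o)).count("1") for o in m.group(2).split("."))
            if prefix == 0:
                findings.append(f"ssh open to any source on '{m.group(3)}'")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

The RSA key pair does not appear in the running configuration, so this check cannot confirm that `crypto key generate rsa modulus 1024` has been run.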
 

Author Comment

by:piaakit
ID: 39303519
Hi,

I have followed the above, but I see the error below. Any idea? Below are the settings of my ASA:


asa

ciscoasa# sh run
: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
domain-name it2u.com
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.11.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 218.189.179.234 255.255.255.248
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
 shutdown
!
interface Ethernet0/3
 shutdown
!
interface Ethernet0/4
 shutdown
!
interface Ethernet0/5
 shutdown
!
interface Ethernet0/6
 shutdown
!
interface Ethernet0/7
 shutdown
!
ftp mode passive
dns server-group DefaultDNS
 domain-name it2u.com
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 218.188.179.233 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username CISCO password TYX7NfYD.Yf733Bn encrypted
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:d1f93c0d4adb93705c351aa1c5bb0d8f
: end
0
 
LVL 17

Assisted Solution

by:MAG03
MAG03 earned 300 total points
ID: 39303766
Does your PC have connectivity with the ASA?
0
 

Author Comment

by:piaakit
ID: 39314894
I have fixed the above problem.

What do I do if you want to do the mapping below:

210.1.1.2 map to internal IP 10.0.0.1, and want to open port 80?
0
 
LVL 17

Assisted Solution

by:MAG03
MAG03 earned 300 total points
ID: 39315798
That is a completely different question from what you originally asked, but I will answer anyway.

Are there any other ports mapped to the 10.0.0.1 server?

If not, you can do the following. Create a NAT statement and then create an ACL on the outside interface (or the interface where this IP is configured).

nat (inside,outside) 210.1.1.2 10.0.0.1

access-list outside-to-inside extended permit tcp any host 210.1.1.2 eq 80
0
