Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

enable ssh problem in asa 5505

Posted on 2013-06-22
7
Medium Priority
?
497 Views
Last Modified: 2013-08-02
I have a ASA5505, i was trying to enable ssh in this firewall, when i type "crypto key

generate rsa 1024", the following error message appear  -  ERROR: % Invalid input detected

 at '^' marker  , anyone know what went wrong ?  i,m using version 8.2(1)



below is the configuration steps


interface Vlan1
 nameif inside
 security-level 100
 ip address xxxxx 255.255.255.0

interface Vlan2
 nameif outside
 security-level 0
 ip address xxxxx 255.255.255.240

interface Ethernet0/0
 switchport access vlan 2

interface Ethernet0/1
no shut

interface Ethernet0/2
no shut

route outside 0.0.0.0 0.0.0.0 xxxxx 1

ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5

12.jpg
0
Comment
Question by:piaakit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 800 total points
ID: 39267909
what if you just

cry key gen rsa

instead?
0
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 800 total points
ID: 39267911
what is the up arrow '^' pointing to as the error?

Does it do the same in enable mode?
0
 
LVL 17

Assisted Solution

by:Marius Gunnerud
Marius Gunnerud earned 1200 total points
ID: 39285653
you are missing the modulus keyword.

crypto key generate rsa modulus 1024

You also need to add a domain name and username and password.

domain-name DOMAIN.com

username USERNAME password PASSWORD

and then tell SSH to use the locally configure user (unless you are using RADIUS or TACACS+):

aaa authentication ssh console LOCAL

Keep in mind that LOCAL is case-sensitive.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:piaakit
ID: 39303519
Hi

        I have followed above, but i see below error, any idea ? and below is the setting of my ASA ,


asa

ciscoasa# sh run
: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
domain-name it2u.com
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.11.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 218.189.179.234 255.255.255.248
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
 shutdown
!
interface Ethernet0/3
 shutdown
!
interface Ethernet0/4
 shutdown
!
interface Ethernet0/5
 shutdown
!
interface Ethernet0/6
 shutdown
!
interface Ethernet0/7
 shutdown
!
ftp mode passive
dns server-group DefaultDNS
 domain-name it2u.com
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 218.188.179.233 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username CISCO password TYX7NfYD.Yf733Bn encrypted
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:d1f93c0d4adb93705c351aa1c5bb0d8f
: end
0
 
LVL 17

Assisted Solution

by:Marius Gunnerud
Marius Gunnerud earned 1200 total points
ID: 39303766
does your PC have connectivity with the ASA?
0
 

Author Comment

by:piaakit
ID: 39314894
i have fixed above problem

what do i do if u want to do mapping below


210.1.1.2  map to internal ip  10.0.0.1   and want to open 80 port ,
0
 
LVL 17

Assisted Solution

by:Marius Gunnerud
Marius Gunnerud earned 1200 total points
ID: 39315798
That is a completely different question as to what you originally asked, but I will answer anyway.

Are there any other ports mapped to the 10.0.0.1 server?

If not you can do the following. Create a NAT statement and then create an ACL on the outside interface (or the interface where this IP is configured).

nat (inside,outside) 210.1.1.2 10.0.0.1

access-list outside-to-inside extended permit tcp any host 210.1.1.2 eq 80
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question