topic SSH & ASDM access to 5520 in Network Security https://community.cisco.com/t5/network-security/ssh-asdm-access-to-5520/m-p/2219795#M347474 <P>After reading through several similar threads&nbsp; I believe I have everything setup correctly, but still can't get remote access to SSH or ASDM on my ASA 5520. I can ping the management IP; 10.192.6.15 from my work station IP; 10.192.6.22... I also ran the crypto generate rsa 1024. I'm sure I have missed something simple but I can't see it...&nbsp; Any help will be appreciated...</P><P></P><P>Here is my config, flash contents &amp; show version:</P><P></P><P><STRONG>ciscoasa# sh flash</STRONG></P><P>--#-- --length-- -----date/time------ path</P><P>&nbsp;&nbsp; 2 8192&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Jun 21 2013 11:34:54 log</P><P>&nbsp;&nbsp; 5 8192&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Jun 21 2013 11:35:04 crypto_archive</P><P>&nbsp;&nbsp; 11 8192&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Jun 21 2013 11:35:12 coredumpinfo</P><P>&nbsp;&nbsp; 12 59&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Jun 21 2013 11:35:12 coredumpinfo/coredump.cfg</P><P>&nbsp;&nbsp; 86 100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Jun 21 2013 11:35:12 upgrade_startup_errors_201306211135.log</P><P>&nbsp;&nbsp; 87 24827904&nbsp;&nbsp; Jun 21 2013 13:34:38 asa846-k8.bin</P><P>&nbsp;&nbsp; 88 1520&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Jun 21 2013 14:04:00 7_0_6_0_startup_cfg.sav</P><P>&nbsp;&nbsp; 89 1138&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Jun 21 2013 14:04:02 upgrade_startup_errors_201306211404.log</P><P>&nbsp;&nbsp; 90 18097844&nbsp;&nbsp; Jun 21 2013 17:06:22 asdm-713.bin</P><P></P><P>255426560 bytes total (211935232 bytes free)</P><P></P><P><STRONG>ciscoasa# sh ver</STRONG></P><P></P><P>Cisco Adaptive Security Appliance Software Version 8.4(6) </P><P>Device Manager Version 7.1(3)</P><P></P><P>Compiled on Fri 26-Apr-13 09:00 by builders</P><P>System image file is "disk0:/asa846-k8.bin"</P><P>Config file at boot was "startup-config"</P><P></P><P>ciscoasa up 1 hour 48 mins</P><P></P><P>Hardware:&nbsp;&nbsp; ASA5520-K8, 2560 MB RAM, CPU Pentium 4 Celeron 2000 MHz</P><P>Internal ATA Compact Flash, 256MB</P><P>BIOS Flash M50FW080 @ 0xfff00000, 1024KB</P><P></P><P>Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Boot microcode&nbsp;&nbsp; : CN1000-MC-BOOT-2.00 </P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; IPSec microcode : CNlite-MC-IPSECm-MAIN-2.06</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Number of accelerators: 1</P><P></P><P> 0: Ext: GigabitEthernet0/0 : address is 001a.e268.48f8, irq 9</P><P> 1: Ext: GigabitEthernet0/1 : address is 001a.e268.48f9, irq 9</P><P> 2: Ext: GigabitEthernet0/2 : address is 001a.e268.48fa, irq 9</P><P> 3: Ext: GigabitEthernet0/3 : address is 001a.e268.48fb, irq 9</P><P> 4: Ext: Management0/0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : address is 001a.e268.48fc, irq 11</P><P> 5: Int: Not used&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : irq 11</P><P> 6: Int: Not used&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : irq 5</P><P></P><P>Licensed features for this platform:</P><P>Maximum Physical Interfaces&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Unlimited&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>Maximum VLANs&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 150&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>Inside Hosts&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Unlimited&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>Failover&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Active/Active perpetual</P><P>VPN-DES&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Enabled&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>VPN-3DES-AES&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Enabled&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>Security Contexts&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 2&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>GTP/GPRS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Disabled&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>AnyConnect Premium Peers&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 2&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>AnyConnect Essentials&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Disabled&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>Other VPN Peers&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 750&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>Total VPN Peers&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 750&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>Shared License&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Disabled&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>AnyConnect for Mobile&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Disabled&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>AnyConnect for Cisco VPN Phone&nbsp;&nbsp; : Disabled&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>Advanced Endpoint Assessment&nbsp;&nbsp;&nbsp;&nbsp; : Disabled&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>UC Phone Proxy Sessions&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 2&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>Total UC Proxy Sessions&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 2&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>Botnet Traffic Filter&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Disabled&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>Intercompany Media Engine&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Disabled&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P></P><P>This platform has an ASA 5520 VPN Plus license.</P><P></P><P>Serial Number: &lt;&lt;REDACTED&gt;&gt;</P><P>Running Permanent Activation Key: &lt;&lt;REDACTED&gt;&gt; </P><P>Configuration register is 0x2001</P><P>Configuration last modified by enable_15 at 16:18:36.929 UTC Tue Jun 25 2013</P><P></P><P><STRONG>ciscoasa# sh run</STRONG></P><P>: Saved</P><P>:</P><P>ASA Version 8.4(6) </P><P>!</P><P>hostname ciscoasa</P><P>enable password &lt;&lt;REDACTED&gt;&gt;&nbsp; encrypted</P><P>passwd &lt;&lt;REDACTED&gt;&gt;&nbsp; encrypted</P><P>names</P><P>dns-guard</P><P>!</P><P>interface GigabitEthernet0/0</P><P> no nameif</P><P> security-level 100</P><P> no ip address</P><P>!</P><P>interface GigabitEthernet0/1</P><P> shutdown</P><P> no nameif</P><P> no security-level</P><P> no ip address</P><P>!</P><P>interface GigabitEthernet0/2</P><P> shutdown</P><P> no nameif</P><P> no security-level</P><P> no ip address</P><P>!</P><P>interface GigabitEthernet0/3</P><P> shutdown</P><P> no nameif</P><P> no security-level</P><P> no ip address</P><P>!</P><P><STRONG>interface Management0/0</STRONG></P><P><STRONG> nameif management</STRONG></P><P><STRONG> security-level 100</STRONG></P><P><STRONG> ip address 10.192.6.15 255.255.255.0 </STRONG></P><P> <STRONG>management-only</STRONG></P><P>!</P><P>boot system disk0:/asa846-k8.bin</P><P>ftp mode passive</P><P>pager lines 50</P><P>logging enable</P><P>logging monitor debugging</P><P>logging trap debugging</P><P>logging asdm debugging</P><P>mtu management 1500</P><P>no failover</P><P>icmp unreachable rate-limit 1 burst-size 1</P><P>asdm image disk0:/asdm-713.bin</P><P>no asdm history enable</P><P>arp timeout 14400</P><P>no arp permit-nonconnected</P><P>timeout xlate 3:00:00</P><P>timeout pat-xlate 0:00:30</P><P>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02</P><P>timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00</P><P>timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00</P><P>timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute</P><P>timeout tcp-proxy-reassembly 0:01:00</P><P>timeout floating-conn 0:00:00</P><P>dynamic-access-policy-record DfltAccessPolicy</P><P>user-identity default-domain LOCAL</P><P>aaa authentication ssh console LOCAL </P><P>http server enable</P><P>http 10.192.6.26 255.255.255.255 management</P><P>http 10.192.6.46 255.255.255.255 management</P><P><STRONG>http 10.192.6.22 255.255.255.255 management</STRONG></P><P>no snmp-server location</P><P>no snmp-server contact</P><P>snmp-server enable traps snmp authentication linkup linkdown coldstart</P><P>telnet timeout 5</P><P><STRONG>ssh 10.192.6.22 255.255.255.255 management</STRONG></P><P>ssh 10.192.6.46 255.255.255.255 management</P><P>ssh 10.192.6.26 255.255.255.255 management</P><P>ssh timeout 60</P><P>ssh key-exchange group dh-group1-sha1</P><P>console timeout 0</P><P>threat-detection basic-threat</P><P>threat-detection statistics port</P><P>threat-detection statistics protocol</P><P>threat-detection statistics access-list</P><P>threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200</P><P>webvpn</P><P>username jherbert password &lt;&lt;REDACTED&gt;&gt; encrypted privilege 15</P><P>!</P><P>prompt hostname context </P><P>no call-home reporting anonymous</P><P>hpm topN enable</P><P>Cryptochecksum:20c0c291a4843991840c05d48104bc85</P><P>: end</P> Tue, 12 Mar 2019 02:02:43 GMT jr.herbert 2019-03-12T02:02:43Z SSH & ASDM access to 5520 https://community.cisco.com/t5/network-security/ssh-asdm-access-to-5520/m-p/2219795#M347474 <P>After reading through several similar threads&nbsp; I believe I have everything setup correctly, but still can't get remote access to SSH or ASDM on my ASA 5520. I can ping the management IP; 10.192.6.15 from my work station IP; 10.192.6.22... I also ran the crypto generate rsa 1024. I'm sure I have missed something simple but I can't see it...&nbsp; Any help will be appreciated...</P><P></P><P>Here is my config, flash contents &amp; show version:</P><P></P><P><STRONG>ciscoasa# sh flash</STRONG></P><P>--#-- --length-- -----date/time------ path</P><P>&nbsp;&nbsp; 2 8192&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Jun 21 2013 11:34:54 log</P><P>&nbsp;&nbsp; 5 8192&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Jun 21 2013 11:35:04 crypto_archive</P><P>&nbsp;&nbsp; 11 8192&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Jun 21 2013 11:35:12 coredumpinfo</P><P>&nbsp;&nbsp; 12 59&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Jun 21 2013 11:35:12 coredumpinfo/coredump.cfg</P><P>&nbsp;&nbsp; 86 100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Jun 21 2013 11:35:12 upgrade_startup_errors_201306211135.log</P><P>&nbsp;&nbsp; 87 24827904&nbsp;&nbsp; Jun 21 2013 13:34:38 asa846-k8.bin</P><P>&nbsp;&nbsp; 88 1520&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Jun 21 2013 14:04:00 7_0_6_0_startup_cfg.sav</P><P>&nbsp;&nbsp; 89 1138&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Jun 21 2013 14:04:02 upgrade_startup_errors_201306211404.log</P><P>&nbsp;&nbsp; 90 18097844&nbsp;&nbsp; Jun 21 2013 17:06:22 asdm-713.bin</P><P></P><P>255426560 bytes total (211935232 bytes free)</P><P></P><P><STRONG>ciscoasa# sh ver</STRONG></P><P></P><P>Cisco Adaptive Security Appliance Software Version 8.4(6) </P><P>Device Manager Version 7.1(3)</P><P></P><P>Compiled on Fri 26-Apr-13 09:00 by builders</P><P>System image file is "disk0:/asa846-k8.bin"</P><P>Config file at boot was "startup-config"</P><P></P><P>ciscoasa up 1 hour 48 mins</P><P></P><P>Hardware:&nbsp;&nbsp; ASA5520-K8, 2560 MB RAM, CPU Pentium 4 Celeron 2000 MHz</P><P>Internal ATA Compact Flash, 256MB</P><P>BIOS Flash M50FW080 @ 0xfff00000, 1024KB</P><P></P><P>Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Boot microcode&nbsp;&nbsp; : CN1000-MC-BOOT-2.00 </P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; IPSec microcode : CNlite-MC-IPSECm-MAIN-2.06</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Number of accelerators: 1</P><P></P><P> 0: Ext: GigabitEthernet0/0 : address is 001a.e268.48f8, irq 9</P><P> 1: Ext: GigabitEthernet0/1 : address is 001a.e268.48f9, irq 9</P><P> 2: Ext: GigabitEthernet0/2 : address is 001a.e268.48fa, irq 9</P><P> 3: Ext: GigabitEthernet0/3 : address is 001a.e268.48fb, irq 9</P><P> 4: Ext: Management0/0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : address is 001a.e268.48fc, irq 11</P><P> 5: Int: Not used&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : irq 11</P><P> 6: Int: Not used&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : irq 5</P><P></P><P>Licensed features for this platform:</P><P>Maximum Physical Interfaces&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Unlimited&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>Maximum VLANs&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 150&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>Inside Hosts&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Unlimited&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>Failover&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Active/Active perpetual</P><P>VPN-DES&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Enabled&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>VPN-3DES-AES&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Enabled&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>Security Contexts&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 2&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>GTP/GPRS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Disabled&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>AnyConnect Premium Peers&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 2&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>AnyConnect Essentials&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Disabled&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>Other VPN Peers&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 750&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>Total VPN Peers&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 750&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>Shared License&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Disabled&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>AnyConnect for Mobile&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Disabled&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>AnyConnect for Cisco VPN Phone&nbsp;&nbsp; : Disabled&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>Advanced Endpoint Assessment&nbsp;&nbsp;&nbsp;&nbsp; : Disabled&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>UC Phone Proxy Sessions&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 2&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>Total UC Proxy Sessions&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 2&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>Botnet Traffic Filter&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Disabled&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P>Intercompany Media Engine&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Disabled&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; perpetual</P><P></P><P>This platform has an ASA 5520 VPN Plus license.</P><P></P><P>Serial Number: &lt;&lt;REDACTED&gt;&gt;</P><P>Running Permanent Activation Key: &lt;&lt;REDACTED&gt;&gt; </P><P>Configuration register is 0x2001</P><P>Configuration last modified by enable_15 at 16:18:36.929 UTC Tue Jun 25 2013</P><P></P><P><STRONG>ciscoasa# sh run</STRONG></P><P>: Saved</P><P>:</P><P>ASA Version 8.4(6) </P><P>!</P><P>hostname ciscoasa</P><P>enable password &lt;&lt;REDACTED&gt;&gt;&nbsp; encrypted</P><P>passwd &lt;&lt;REDACTED&gt;&gt;&nbsp; encrypted</P><P>names</P><P>dns-guard</P><P>!</P><P>interface GigabitEthernet0/0</P><P> no nameif</P><P> security-level 100</P><P> no ip address</P><P>!</P><P>interface GigabitEthernet0/1</P><P> shutdown</P><P> no nameif</P><P> no security-level</P><P> no ip address</P><P>!</P><P>interface GigabitEthernet0/2</P><P> shutdown</P><P> no nameif</P><P> no security-level</P><P> no ip address</P><P>!</P><P>interface GigabitEthernet0/3</P><P> shutdown</P><P> no nameif</P><P> no security-level</P><P> no ip address</P><P>!</P><P><STRONG>interface Management0/0</STRONG></P><P><STRONG> nameif management</STRONG></P><P><STRONG> security-level 100</STRONG></P><P><STRONG> ip address 10.192.6.15 255.255.255.0 </STRONG></P><P> <STRONG>management-only</STRONG></P><P>!</P><P>boot system disk0:/asa846-k8.bin</P><P>ftp mode passive</P><P>pager lines 50</P><P>logging enable</P><P>logging monitor debugging</P><P>logging trap debugging</P><P>logging asdm debugging</P><P>mtu management 1500</P><P>no failover</P><P>icmp unreachable rate-limit 1 burst-size 1</P><P>asdm image disk0:/asdm-713.bin</P><P>no asdm history enable</P><P>arp timeout 14400</P><P>no arp permit-nonconnected</P><P>timeout xlate 3:00:00</P><P>timeout pat-xlate 0:00:30</P><P>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02</P><P>timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00</P><P>timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00</P><P>timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute</P><P>timeout tcp-proxy-reassembly 0:01:00</P><P>timeout floating-conn 0:00:00</P><P>dynamic-access-policy-record DfltAccessPolicy</P><P>user-identity default-domain LOCAL</P><P>aaa authentication ssh console LOCAL </P><P>http server enable</P><P>http 10.192.6.26 255.255.255.255 management</P><P>http 10.192.6.46 255.255.255.255 management</P><P><STRONG>http 10.192.6.22 255.255.255.255 management</STRONG></P><P>no snmp-server location</P><P>no snmp-server contact</P><P>snmp-server enable traps snmp authentication linkup linkdown coldstart</P><P>telnet timeout 5</P><P><STRONG>ssh 10.192.6.22 255.255.255.255 management</STRONG></P><P>ssh 10.192.6.46 255.255.255.255 management</P><P>ssh 10.192.6.26 255.255.255.255 management</P><P>ssh timeout 60</P><P>ssh key-exchange group dh-group1-sha1</P><P>console timeout 0</P><P>threat-detection basic-threat</P><P>threat-detection statistics port</P><P>threat-detection statistics protocol</P><P>threat-detection statistics access-list</P><P>threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200</P><P>webvpn</P><P>username jherbert password &lt;&lt;REDACTED&gt;&gt; encrypted privilege 15</P><P>!</P><P>prompt hostname context </P><P>no call-home reporting anonymous</P><P>hpm topN enable</P><P>Cryptochecksum:20c0c291a4843991840c05d48104bc85</P><P>: end</P> Tue, 12 Mar 2019 02:02:43 GMT https://community.cisco.com/t5/network-security/ssh-asdm-access-to-5520/m-p/2219795#M347474 jr.herbert 2019-03-12T02:02:43Z SSH & ASDM access to 5520 https://community.cisco.com/t5/network-security/ssh-asdm-access-to-5520/m-p/2219796#M347485 <HTML><HEAD></HEAD><BODY><P>Hello, </P><P></P><P>Did you try removing the commands? If not, please remove the SSH and HTTP commands and re-add them. </P><P></P><P>Also you can try the "clear config ssl" to set the SSL values to defaults. </P><P></P><P>Regards,</P><P>Juan Lombana</P><P></P><P>Please rate helpful posts.</P></BODY></HTML> Tue, 25 Jun 2013 19:26:25 GMT https://community.cisco.com/t5/network-security/ssh-asdm-access-to-5520/m-p/2219796#M347485 julomban 2013-06-25T19:26:25Z SSH & ASDM access to 5520 https://community.cisco.com/t5/network-security/ssh-asdm-access-to-5520/m-p/2219797#M347498 <HTML><HEAD></HEAD><BODY><P><SPAN style="font-size: 10pt;">Try adding "</SPAN><SPAN style="font-size: 10pt;">ssl encryption des-sha1 aes256-sha1</SPAN><SPAN style="font-size: 10pt;">" for your ASDM issue.</SPAN></P><P></P><P><SPAN style="font-size: 10pt;">I'm not sure what's going on with your ssh. Are there any log messages your attempts at ssh access fails?</SPAN></P></BODY></HTML> Wed, 26 Jun 2013 02:01:31 GMT https://community.cisco.com/t5/network-security/ssh-asdm-access-to-5520/m-p/2219797#M347498 Marvin Rhoads 2013-06-26T02:01:31Z SSH & ASDM access to 5520 https://community.cisco.com/t5/network-security/ssh-asdm-access-to-5520/m-p/2219798#M347509 <HTML><HEAD></HEAD><BODY><P>hi,</P><P></P><P>you SSH config looks ok. could you post<STRONG> show crypto key mypubkey rsa</STRONG>?</P><P></P><P>try to remove your RSA keys using <STRONG>crypto key zeroize rsa default</STRONG> and then regenerate them again.</P><P></P><P>for your ASDM, try using ASDM 7.1(2.102). see compatibility matrix:</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/compatibility/asamatrx.html">http://www.cisco.com/en/US/docs/security/asa/compatibility/asamatrx.html</A></P></BODY></HTML> Wed, 26 Jun 2013 15:51:09 GMT https://community.cisco.com/t5/network-security/ssh-asdm-access-to-5520/m-p/2219798#M347509 johnlloyd_13 2013-06-26T15:51:09Z