https://community.cisco.com/t5/network-security/could-not-configure-ssh-on-asa5515/m-p/2147726#M360722 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I dont remember what the default setting for interface ICMP was BUT</P><P></P><P>You could try the command</P><P></P><P><STRONG>icmp permit any inside</STRONG></P><P></P><P>Where are you PING/ICMP the ASA interface from?</P><P></P><P></P><P></P><P>To connect to that interface with SSH you need the configuration you mentioned</P><P></P><P><STRONG>ssh <NETWORK> <MASK> inside</MASK></NETWORK></STRONG></P><P></P><P>This defines that hosts from<STRONG> <NETWORK> <MASK></MASK></NETWORK></STRONG> can connect to the ASA with SSH as long as they are from behind the interface <STRONG>"inside"<BR /></STRONG></P><P></P><P>- Jouni</P></BODY></HTML> Wed, 06 Mar 2013 14:19:17 GMT Jouni Forss 2013-03-06T14:19:17Z https://community.cisco.com/t5/network-security/could-not-configure-ssh-on-asa5515/m-p/2147723#M360717 <P>Hello,</P><P></P><P>We using a ASA 5515 with following software :</P><P><SPAN style="font-family: 'courier new', courier; font-size: 8pt;">[...]</SPAN></P><P><SPAN style="font-family: 'courier new', courier; font-size: 8pt;">Cisco Adaptive Security Appliance Software Version 9.1(1) </SPAN></P><P><SPAN style="font-family: 'courier new', courier; font-size: 8pt;">Device Manager Version 7.1(1)52</SPAN></P><P></P><P><SPAN style="font-family: 'courier new', courier; font-size: 8pt;">Compiled on Wed 28-Nov-12 11:15 PST by builders</SPAN></P><P><SPAN style="font-family: 'courier new', courier; font-size: 8pt;">System image file is "disk0:/asa911-smp-k8.bin"</SPAN></P><P><SPAN style="font-family: 'courier new', courier; font-size: 8pt;">[...]</SPAN></P><P></P><P>We need two things and it is for this purpose that we don't use the management0/0 because is management only</P><P></P><P><STRONG>1)&nbsp; </STRONG>use a interface to intern traffic</P><P></P><P><SPAN style="font-family: 'courier new', courier; font-size: 8pt;"># sh run int gi1/0</SPAN></P><P><SPAN style="font-family: 'courier new', courier; font-size: 8pt;">!</SPAN></P><P><SPAN style="font-family: 'courier new', courier; font-size: 8pt;">interface GigabitEthernet1/0</SPAN></P><P><SPAN style="font-family: 'courier new', courier; font-size: 8pt;"> description Intern Net</SPAN></P><P><SPAN style="font-family: 'courier new', courier; font-size: 8pt;"> no nameif</SPAN></P><P><SPAN style="font-family: 'courier new', courier; font-size: 8pt;"> security-level 100</SPAN></P><P><SPAN style="font-family: 'courier new', courier; font-size: 8pt;"> ip address 192.16x.x.10 255.255.255.0 standby 192.16x.x.11 </SPAN></P><P></P><P>But the firewall itself could not ping this interface?</P><P></P><P><STRONG>2) </STRONG>use this interface to connect through ssh to :</P><P></P><P><SPAN style="font-family: 'courier new', courier; font-size: 10px;">hostname(config)# crypto key generate rsa modulus 1024</SPAN></P><PRE style="font-size: 10px;"><P style="text-align: left;"><SPAN style="font-family: 'courier new', courier;">hostname(config)# write memory</SPAN></P><P style="text-align: left;"><SPAN style="font-family: 'courier new', courier;">hostname(config)# aaa authentication ssh console LOCAL</SPAN></P><P style="text-align: left;"><SPAN style="font-family: 'courier new', courier;">hostname(config)# username exampleuser1 password examplepassword1</SPAN></P><P style="text-align: left;"><SPAN style="font-family: 'courier new', courier;"><BR /></SPAN></P><P>all itself cuold not ping this interface?</P><P></P><P style="text-align: left;"><SPAN style="font-family: 'courier new', courier;">hostname(config)# ssh 192.168.1.2 255.255.255.255 inside</SPAN></P><BR /></PRE><P></P><P>The ssh command could only be configure for a configured's interface the aren't value like<STRONG> inside</STRONG> or <STRONG>outside </STRONG>? where could I find these?</P><P></P><P>As someone an ideas what it these probelm?</P><P></P><P>Thank you a lot</P> Tue, 12 Mar 2019 01:10:25 GMT https://community.cisco.com/t5/network-security/could-not-configure-ssh-on-asa5515/m-p/2147723#M360717 blankguy7 2019-03-12T01:10:25Z https://community.cisco.com/t5/network-security/could-not-configure-ssh-on-asa5515/m-p/2147724#M360718 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>You have configured no "nameif" for the interface.</P><P></P><P>This is essential for the interface to work</P><P></P><P><STRONG>EDIT:</STRONG> Then again what is the interface which is reference in the other command as "inside"?</P><P></P><P>- Jouni</P></BODY></HTML> Wed, 06 Mar 2013 14:03:23 GMT https://community.cisco.com/t5/network-security/could-not-configure-ssh-on-asa5515/m-p/2147724#M360718 Jouni Forss 2013-03-06T14:03:23Z https://community.cisco.com/t5/network-security/could-not-configure-ssh-on-asa5515/m-p/2147725#M360720 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Thank you very much for your help!</P><P>Ok, I've configured the nameif as "<STRONG>inside</STRONG>" and yet I could ping it.</P><P>Now, when I configure <SPAN style="font-family: 'courier new', courier; font-size: 8pt;">ssh <SUBNET> <MASK></MASK></SUBNET></SPAN> I put here the name of interface namely "<STRONG>inside</STRONG>". It is right so?</P><P></P><P>Best regards,</P></BODY></HTML> Wed, 06 Mar 2013 14:14:47 GMT https://community.cisco.com/t5/network-security/could-not-configure-ssh-on-asa5515/m-p/2147725#M360720 blankguy7 2013-03-06T14:14:47Z https://community.cisco.com/t5/network-security/could-not-configure-ssh-on-asa5515/m-p/2147726#M360722 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I dont remember what the default setting for interface ICMP was BUT</P><P></P><P>You could try the command</P><P></P><P><STRONG>icmp permit any inside</STRONG></P><P></P><P>Where are you PING/ICMP the ASA interface from?</P><P></P><P></P><P></P><P>To connect to that interface with SSH you need the configuration you mentioned</P><P></P><P><STRONG>ssh <NETWORK> <MASK> inside</MASK></NETWORK></STRONG></P><P></P><P>This defines that hosts from<STRONG> <NETWORK> <MASK></MASK></NETWORK></STRONG> can connect to the ASA with SSH as long as they are from behind the interface <STRONG>"inside"<BR /></STRONG></P><P></P><P>- Jouni</P></BODY></HTML> Wed, 06 Mar 2013 14:19:17 GMT https://community.cisco.com/t5/network-security/could-not-configure-ssh-on-asa5515/m-p/2147726#M360722 Jouni Forss 2013-03-06T14:19:17Z https://community.cisco.com/t5/network-security/could-not-configure-ssh-on-asa5515/m-p/2147727#M360724 <HTML><HEAD></HEAD><BODY><P>It's works... thank you and have a nice day</P></BODY></HTML> Wed, 06 Mar 2013 14:20:55 GMT https://community.cisco.com/t5/network-security/could-not-configure-ssh-on-asa5515/m-p/2147727#M360724 blankguy7 2013-03-06T14:20:55Z