cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5057
Views
0
Helpful
13
Replies

ASA5505 Console Issue

edwardre1
Level 1
Level 1

Hi All,

When I run an ASA command via CLI menu option of the Java ASDM 6.2 for ASA V8.2 1, it does not let me interact with the console response.

for example: i ran the command:-

crypto key generate rsa label sslvpnkeypair

and I could not reply yes or no .

i have attached a screen shot showing the issue

Should I be accessign the ASM console via something else?

thank you

1 Accepted Solution

Accepted Solutions

No problem.. and glad to hear everything is ok.

Please kindly mark the post as answered so others can learn from your post. Thank you.

View solution in original post

13 Replies 13

Jennifer Halim
Cisco Employee
Cisco Employee

yes, unfortunately ASDM console CLI does not allow interaction with command as it doesn't prompt you back to enter yes or no.

You can run the same command with "noconfirm" keyword at the end to surpress that.

Eg: crypto key generate rsa label sslvpnkeypair noconfirm

That will allow the key to be generated automatically, and ASA won't ask confirmation of yes or not for the action.

Hope this helps.

That's great! I will try that.

is there another way of accessing the ASA console? I heard somewhere that people use ssh or something like it.

When I tried just now the command ssh 192.168.1.1 from under the Operating System command prompt, nothing happens. Maybe I need to specify other parameters.

Thank you

From: halijenn >

Reply-To: "cisco-support@sgaur.hosted.jivesoftware.com" >

Date: Thu, 15 Sep 2011 19:06:28 -0600

To: edward >

Subject: - Re: ASA5505 Console Issue

#####################################################################################

This e-mail message has been scanned for Viruses and Content and cleared

by MailMarshal

Yes, you can SSH/Telnet to the ASA.

To SSH, you would need to use SSH Client software, eg: SecurCRT or Putty.

To telnet, you can just telnet using the OS DOS command prompt.

You would need to enable telnet and SSH on the ASA if you are planning to use either telnet/ssh.

Once enabled, For telnet, you can telnet to any of the high security level interface, with the exception of the lowest security level interface.

For SSH, you can SSH to any of the ASA interfaces.

Yes I get a permission denied and you are right I need to enable it. Would you happen to know how to enable telnet/ssh under ASDM?

Thank you

From: halijenn >

Reply-To: "cisco-support@sgaur.hosted.jivesoftware.com" >

Date: Thu, 15 Sep 2011 19:20:39 -0600

To: edward >

Subject: - Re: ASA5505 Console Issue

#####################################################################################

This e-mail message has been scanned for Viruses and Content and cleared

by MailMarshal

Depending on which interface you are trying to telnet to and what ip address you are coming from.

If you would like to telnet to the ASA inside interface and allowing all IP Address to have the ability to telnet:

telnet 0 0 inside

For ssh to both inside and outside interface:

ssh 0 0 inside

ssh 0 0 outside

Hi Jennifer,

ssh it's not letting me in (see Terminal window image) ! and yet I have enabled ssh and telnet in ASDM Java Console.

I tried accessing the console using both default admin account, and a second account called edward

I know I must be so close to resolving this, but still not there! :-)

thanks for your help

Try to use the default username: pix and password: cisco, and see if you can log in.

I tried all SSH 192.168.1.1 userid/password combinations but no luck!

Would you know of a way of resetting the ASA admin password from inside the ASDM Command Line Interface?

Thank you for your patience and support

From: halijenn >

Reply-To: "cisco-support@sgaur.hosted.jivesoftware.com" >

Date: Thu, 15 Sep 2011 20:46:48 -0600

To: edward >

Subject: - Re: ASA5505 Console Issue

Cisco Support Community<>

Re: ASA5505 Console Issue

created by Jennifer Halim<> in Firewalling - View the full discussion<>

You would also need to configure the AAA authentication if you haven't for SSH and Telnet:

aaa authentication telnet console LOCAL

aaa authentication ssh console LOCAL

Then try to login with the username that you have configured on the ASA.

Hi Jennifer,

I have good news! I can access the console using both telnet and ssh however only a subset of the ASA commands will work!

For example, these commands are recognised:-

show version

show local host

Whereas the following will not work:-

crypto key generate rsa label sslvpnkeypair

Have a look here:-

Last login: Fri Sep 16 14:29:39 on ttys001

192-168-1-200:~ edward$ ssh edward@192.168.1.1

edward@192.168.1.1's password:

Type help or '?' for a list of available commands.

ciscoasa> show running-config

^

ERROR: % Invalid input detected at '^' marker.

ciscoasa> "sh run"

^

ERROR: % Invalid input detected at '^' marker.

ciscoasa> crypto key generate rsa label sslvpnkeypair

^

ERROR: % Invalid input detected at '^' marker.

ciscoasa

At the moment, when you log in, you are at the most basic level, so you can only issue a few commands.

To go to the next level of command, you would need to type in "enable", that will bring you to enable mode.

You would be able to issue all the "show" commands within enable mode.

If you need to configure anything, then you would need to go to the configuration mode. To go to config mode, from enable mode, type in "conf t".

Once you are in config mode, you can pretty much enter any commands and the configuration will take effect immediately as soon as you configure it.

Hi Jennifer,

Everything works perfectly now!

I don’t know how to thank you enough for your support.

Enjoy the coming weekend

Bye

Edward

From: halijenn >

Reply-To: "cisco-support@sgaur.hosted.jivesoftware.com" >

Date: Fri, 16 Sep 2011 00:09:49 -0600

To: edward >

Subject: - Re: ASA5505 Console Issue

#####################################################################################

This e-mail message has been scanned for Viruses and Content and cleared

by MailMarshal

No problem.. and glad to hear everything is ok.

Please kindly mark the post as answered so others can learn from your post. Thank you.

Review Cisco Networking for a $25 gift card