Can not connect ASA through SSH and HTTPS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-20-2007 02:30 PM - edited 03-11-2019 04:28 AM
I have just configured the firewall with all the standard configuration but I can not gain SSH access. I have attached the running-config below, can someone please let me know what am I missing. I have configured the SSH exactly as stated at :
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mgaccess.html#wpxref11628
still no connectivity, do I have to generate any other certificates other than the crypto rsa key which I have already generated ?
For more info, I can not even connect the device through HTTPS even after enabling the HTTP server.
Regards,
Murtaza
- Labels:
-
NGFW Firewalls
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-20-2007 11:19 PM
What is the output of:
show crypto key mypubkey rsa
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-21-2007 10:30 AM
If general connectivity is OK (it does answer
to pings when connected to network, right ?)
Then I'd zeroize the current key and create new ones for a check
ASA(config)# crypto key zeroize rsa
ASA(config)# crypto key generate rsa
If it doesn't help ,trying to enable debug and
connecting simultaneously by Console and http/ssh would reveal more info ..
ASA# debug http 255
ASA# debug ssh 255
If there is some communication you'll see smth like
ASA(config)# listen: Received HTTP request.
Started http listen on interface outside port 443
ASA(config)# http_get_token: received no block data for ssl
listen: Received HTTP request.
Started http listen on interface outside port 443
BTW running config is OK 100%
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-22-2007 08:51 AM
Thanks for that Yuri, I'll have a look at the troubleshooting through debugging as suggested, the device is offline currently so I'll have to check that later.
Regards
Murtaza
