
Cisco 5510 ssl and ssh

lawsuites
Level 1

Hello everyone, we have a user that uses credit card vendor services and they are charging us more because, according to them, we have SSL 2.0 and SSH version 1, and these are security vulnerabilities. They say if we upgrade to SSL 3.0 or SSH 2.0 then it would be fine. How do I check which version I have, and how can I change or disable them? Will this affect any of our network (like Exchange OWA, etc.)? Thanks

20 Replies

Hi,


To check the SSH version do "sh run ssh"

To change it: "ssh version [1 | 2]"

For SSL:

ssl server-version ?

ssl client-version ?

To check the currently accepted version: "sh cry ssl"

Hope it helps.

Federico.

Thanks,

I did "sh run ssh" and it shows

ASA# sh run ssh
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside

ssh timeout 60

Also, it doesn't let me run "ssh version [1 | 2]".

Same thing for ssl: "sh cry ssl" -- it says invalid entry.

Which OS version are you running?

sh version

Federico.

ASA Version 8.0(3)

You need to be in configuration mode:

ASA(config)#

Federico.

I did that in config mode.

I mentioned that because from your post it shows you're in privilege mode and not in configuration mode.

If you're in configuration mode, what do you get with this:

ASA(config)# ssh ?

ASA(config)# ssl ?

Federico.

ASA(config)# sh ssh
Timeout: 60 minutes
Versions allowed: 1 and 2
0.0.0.0 0.0.0.0 outside
0.0.0.0 0.0.0.0 inside
ASA(config)# sh cry ssl
                              ^
ERROR: % Invalid input detected at '^' marker.
ASA(config)#

For ssh it says both versions are allowed. How can I disable version 1?

For ssl it says invalid.

Sorry, I forgot to include the following info that you requested.

ASA(config)# ssh?

configure mode commands/options:
  ssh

exec mode commands/options:
  ssh
ASA(config)# ssl?

configure mode commands/options:
  ssl

ASA(config)# ssh version 2

ASA(config)# sh ssh

Timeout: 30 minutes
Version allowed: 2
0.0.0.0 0.0.0.0 outside

ASA(config)# sh ssl

Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1

ASA(config)# ssl server-version ?
  any         Enter this keyword to accept SSLv2 ClientHellos and either SSLv3
              or TLSv1 will be negotiated
  sslv3       Enter this keyword to accept SSLv2 ClientHellos and negotiate
              SSLv3
  sslv3-only  Enter this keyword to accept ClientHellos only from a client
              using SSLV3
  tlsv1       Enter this keyword to accept SSLv2 ClientHellos and negotiate
              TLSv3
  tlsv1-only  Enter this keyword to accept ClientHellos only from a client
              using TLSV1

Federico.

ASA(config)# ssh version 2
ASA(config)# sh ssh
Timeout: 60 minutes
Version allowed: 2
0.0.0.0 0.0.0.0 outside
0.0.0.0 0.0.0.0 inside

That changed to version 2 only, but the timeout stayed at 60 minutes.

ssl:

ASA(config)# sh ssl
                     ^
ERROR: % Invalid input detected at '^' marker.
ASA(config)# ssl server-version ?

configure mode commands/options:
  any         Enter this keyword to accept SSLv2 ClientHellos and either SSLv3
              or TLSv1 will be negotiated
  sslv3       Enter this keyword to accept SSLv2 ClientHellos and negotiate
              SSLv3
  sslv3-only  Enter this keyword to accept ClientHellos only from a client
              using SSLV3
  tlsv1       Enter this keyword to accept SSLv2 ClientHellos and negotiate
              TLSv3
  tlsv1-only  Enter this keyword to accept ClientHellos only from a client
              using TLSV1
ASA(config)#

What should I do here? According to the vendor SSL 2.0 should be off, but I can't check the status. Pls help.

To negotiate only SSLv3:

ssl server-version sslv3-only

If you want to change the timeout (whole different story) for SSH:

ssh timeout ?

Federico.

60 minutes is fine.

If I do the following: ssl server-version sslv3-only ... will this give me any issue? For example, we have OWA for Exchange. Also, if for any reason there is an issue, how should I go back to my old settings? Again, Federico, thanks for this.

Well you might run into issues if you have any application running on any other SSL version.

By adding the command sslv3-only, the ASA will only support SSLv3.

Before doing this, make sure it will not affect any application.

To do a rollback is not much of a problem...

Just copy/paste the output from:

sh run ssh

sh run ssl

Back to the ASA.

Federico.
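A small audit check over the "sh ssh" and "sh run ssl" output discussed in this thread, added here as an example and not code from any poster. It encodes the point from the "ssl server-version ?" help text above: only the sslv3-only and tlsv1-only keywords stop the ASA from accepting SSLv2 ClientHellos. The sample outputs are constructed to mirror what the thread shows, and the empty "sh run ssl" standing for the default "any" is an assumption.

```python
import re

# Constructed sample outputs, modelled on the 'sh ssh' output shown in the thread.
SHOW_SSH_BEFORE = """Timeout: 60 minutes
Versions allowed: 1 and 2
0.0.0.0 0.0.0.0 outside
0.0.0.0 0.0.0.0 inside
"""
SHOW_SSH_AFTER = """Timeout: 60 minutes
Version allowed: 2
0.0.0.0 0.0.0.0 outside
0.0.0.0 0.0.0.0 inside
"""
# Assumption: 'sh run ssl' prints nothing when the default (any) is in effect.
RUN_SSL_DEFAULT = ""
RUN_SSL_FIXED = "ssl server-version sslv3-only\n"

# From the 'ssl server-version ?' help text: any, sslv3 and tlsv1 still accept
# SSLv2 ClientHellos; only the *-only keywords refuse them.
ACCEPTS_SSLV2_HELLO = {"any": True, "sslv3": True, "tlsv1": True,
                       "sslv3-only": False, "tlsv1-only": False}

def ssh_versions(show_ssh):
    """Return the set of SSH protocol versions allowed, parsed from 'sh ssh'."""
    m = re.search(r"Versions? allowed:\s*(.+)", show_ssh)
    if not m:
        raise ValueError("no 'Version(s) allowed' line found")
    return {int(v) for v in re.findall(r"\d", m.group(1))}

def ssl_server_version(run_ssl):
    """Return the configured 'ssl server-version' keyword ('any' if absent)."""
    m = re.search(r"^ssl server-version\s+(\S+)", run_ssl, re.MULTILINE)
    return m.group(1) if m else "any"

def audit(show_ssh, run_ssl):
    """Return a list of findings; an empty list means SSHv1 and SSLv2 are both off."""
    findings = []
    if 1 in ssh_versions(show_ssh):
        findings.append("SSH version 1 allowed; fix with 'ssh version 2'")
    keyword = ssl_server_version(run_ssl)
    # Unknown keywords are treated as unsafe rather than silently passing.
    if ACCEPTS_SSLV2_HELLO.get(keyword, True):
        findings.append(f"ssl server-version {keyword} still accepts SSLv2 "
                        "ClientHellos; use sslv3-only or tlsv1-only")
    return findings

if __name__ == "__main__":
    print(audit(SHOW_SSH_BEFORE, RUN_SSL_DEFAULT))  # two findings
    print(audit(SHOW_SSH_AFTER, RUN_SSL_FIXED))     # []
```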
