cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
752
Views
0
Helpful
4
Replies

Could not configure ssh on ASA5515

blankguy7
Level 1
Level 1

Hello,

We using a ASA 5515 with following software :

[...]

Cisco Adaptive Security Appliance Software Version 9.1(1)

Device Manager Version 7.1(1)52

Compiled on Wed 28-Nov-12 11:15 PST by builders

System image file is "disk0:/asa911-smp-k8.bin"

[...]

We need two things and it is for this purpose that we don't use the management0/0 because is management only

1)  use a interface to intern traffic

# sh run int gi1/0

!

interface GigabitEthernet1/0

description Intern Net

no nameif

security-level 100

ip address 192.16x.x.10 255.255.255.0 standby 192.16x.x.11

But the firewall itself could not ping this interface?

2) use this interface to connect through ssh to :

hostname(config)# crypto key generate rsa modulus 1024

hostname(config)# write memory

hostname(config)# aaa authentication ssh console LOCAL

hostname(config)# username exampleuser1 password examplepassword1


all itself cuold not ping this interface?

hostname(config)# ssh 192.168.1.2 255.255.255.255 inside


The ssh command could only be configure for a configured's interface the aren't value like inside or outside ? where could I find these?

As someone an ideas what it these probelm?

Thank you a lot

1 Accepted Solution

Accepted Solutions

Hi,

I dont remember what the default setting for interface ICMP was BUT

You could try the command

icmp permit any inside

Where are you PING/ICMP the ASA interface from?

To connect to that interface with SSH you need the configuration you mentioned

ssh inside

This defines that hosts from can connect to the ASA with SSH as long as they are from behind the interface "inside"

- Jouni

View solution in original post

4 Replies 4

Jouni Forss
VIP Alumni
VIP Alumni

Hi,

You have configured no "nameif" for the interface.

This is essential for the interface to work

EDIT: Then again what is the interface which is reference in the other command as "inside"?

- Jouni

Hi,

Thank you very much for your help!

Ok, I've configured the nameif as "inside" and yet I could ping it.

Now, when I configure ssh I put here the name of interface namely "inside". It is right so?

Best regards,

Hi,

I dont remember what the default setting for interface ICMP was BUT

You could try the command

icmp permit any inside

Where are you PING/ICMP the ASA interface from?

To connect to that interface with SSH you need the configuration you mentioned

ssh inside

This defines that hosts from can connect to the ASA with SSH as long as they are from behind the interface "inside"

- Jouni

It's works... thank you and have a nice day

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: