Error Trying to connect to SSH to an FTD reimaged to ASA

Hi guys, could someone give me a hand with the following error that I'm getting from the device? This is an FTD 2130, but it was reimaged to ASA 9.8(4)25. Below is the current config:

crypto key generate rsa modulus 2048

username **** password ***** priv 15

aaa authentication ssh console LOCAL
 ssh 0.0.0.0 0.0.0.0 management

ssh timeout 5
ssh version 2
ssh key-exchange group dh-group14-sha1

 

ssh -l user x.x.x.x 
[Connection to x.x.x.x aborted: error status 0]

 

 

I'm able to ping the device and access it via telnet (which I will disable); however, SSH is not working. Please let me know if I'm missing something.

Accepted Solutions

You can get a license from the licensing portal, without having to go via TAC.
Go to your Smart Account, then Get Licenses, then IPS, Crypto or Other
Select Security Products, then Cisco ASA 3DES/AES License


4 REPLIES 4
VIP Expert

Was this working before the upgrade? If it was working, regenerate the crypto RSA key and try again.

If it never worked, then post your configuration so we can look.



BB


*** Rate All Helpful Responses ***

VIP Advisor

Hi,

try removing the command 'ssh key-exchange group dh-group14-sha1'. Your ssh
client might not support dh group 14. Just use the default dh group,
regenerate the key and see if it works.

**** remember to rate useful posts
Beginner

Hi guys, thank you very much for your answers. I ran a debug ssh and found out that the AES or 3DES encryption algorithms are not available, so I have a problem with the license. Right now I have a ticket with TAC, since they still have my license as a smart one.

 

sho ver | i AES
Encryption-3DES-AES : Disabled

 

Thanks a lot for the help 
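
An added example, not part of the original thread: a Python check that runs over captured show version and running-config text and flags the conditions this thread turned up (3DES/AES license disabled, a pinned key-exchange group, Telnet still enabled). The sample input is constructed from the lines posted above; the telnet access rule and the finding codes are assumptions, and only IPv4 access rules are matched.

```python
import re

# Constructed sample input, built from the lines posted in this thread.
# The "telnet" access rule is an assumption (the poster only said Telnet works).
SHOW_VERSION = "Encryption-3DES-AES               : Disabled\n"
RUNNING_CONFIG = """\
aaa authentication ssh console LOCAL
 ssh 0.0.0.0 0.0.0.0 management
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group14-sha1
telnet 0.0.0.0 0.0.0.0 management
telnet timeout 5
"""

def access_rules(lines, proto):
    """Interfaces with an IPv4 '<proto> <addr> <mask> <interface>' rule."""
    pat = re.compile(r"%s\s+\d[\d.]*\s+\d[\d.]*\s+(\S+)$" % proto)
    return [m.group(1) for m in map(pat.match, lines) if m]

def audit_ssh(show_version, running_config):
    """Return (code, message) findings; the codes are names made up for this example."""
    findings = []
    lines = [ln.strip() for ln in running_config.splitlines()]

    lic = re.search(r"^Encryption-3DES-AES\s*:\s*(\S+)", show_version, re.M)
    if lic is None:
        findings.append(("license-unknown", "no Encryption-3DES-AES line found"))
    elif lic.group(1).lower() != "enabled":
        findings.append(("license-disabled",
                         "3DES/AES license is %s" % lic.group(1)))

    if not any(ln.startswith("aaa authentication ssh console") for ln in lines):
        findings.append(("no-ssh-aaa", "no 'aaa authentication ssh console' line"))
    if not access_rules(lines, "ssh"):
        findings.append(("no-ssh-rule", "no 'ssh <addr> <mask> <interface>' line"))

    for ln in lines:
        kex = re.match(r"ssh key-exchange group (\S+)$", ln)
        if kex:
            findings.append(("kex-pinned",
                             "key exchange pinned to %s; check client support" % kex.group(1)))

    for ifc in access_rules(lines, "telnet"):
        findings.append(("telnet-enabled", "cleartext Telnet allowed on %s" % ifc))
    return findings

if __name__ == "__main__":
    for code, message in audit_ssh(SHOW_VERSION, RUNNING_CONFIG):
        print("%-16s %s" % (code, message))
```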

