Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2843
Views
10
Helpful
4
Replies

Error Trying to connect to SSH to an FTD reimage to ASA

Go to solution
Alemend88
Level 1
Level 1

‎08-12-2020 06:28 PM

Hi guys could someone give me a hand on the following error that Im getting from the device, this is a FTD 2130 but it was reimage to ASA 9.8(4)25, below is the current config 

crypto key generate rsa modulus 2048

username **** password ***** priv 15

aaa authentication ssh console LOCAL
 ssh 0.0.0.0 0.0.0.0 management

ssh timeout 5
ssh version 2
ssh key-exchange group dh-group14-sha1

 

ssh -l user x.x.x.x 
[Connection to x.x.x.x aborted: error status 0]

 

 

Im able to ping the device and acces to it via telnet(which I will disable) however ssh its not working. Please let me know if Im missing something

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to Alemend88

‎08-14-2020 08:02 AM

You can get a license from the licensing portal, without having to go via TAC.
Go to your Smart Account, then Get Licenses, then IPS, Crypto or Other
Select Security Products, then Cisco ASA 3DES/AES License

 

lic.PNG

View solution in original post

4 Replies 4

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎08-13-2020 01:04 AM

is this working before upgrade ? if it was working - regenreate crypto RSA Key and try again.

if it was not work ever, then post your configuration to look.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎08-13-2020 02:33 AM

Hi,

try removing the command 'ssh key-exchange group dh-group14-sha1'. Your ssh
client might not support dh group 14. Just use the default dh group,
regenerate the key and see if it works.

**** remember to rate useful posts

Go to solution
Alemend88
Level 1
Level 1

‎08-14-2020 07:52 AM

Hi guys thank you very much for your answers,  I ran a debug ssh and found out that  AES or 3 DES encryption algorithm are not available, so I have a problem with the license, right now I have a ticket with TAC since they still have my license as a smart one.

 

sho ver | i AES
Encryption-3DES-AES : Disabled

 

Thanks a lot for the help 

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to Alemend88

‎08-14-2020 08:02 AM

You can get a license from the licensing portal, without having to go via TAC.
Go to your Smart Account, then Get Licenses, then IPS, Crypto or Other
Select Security Products, then Cisco ASA 3DES/AES License

 

lic.PNG

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card