Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
141
Views
1
Helpful
4
Replies

Firepower 1120 FTD Setup

teamdv6199
Level 1
Level 1

‎09-26-2024 09:05 AM

Hello,

I have a firewall 1120 ASA series and I am not understanding how the initial device works. I first want to change the management IP. Is that going to be Managment1/1 interface? Assuming it is, I can ping that new ip i made. How do I ssh to the fw to make changes. Is that going to be on the management IP? Or do I have to elevate to the ASA and configure another ip?  I want to SSH to the box. Is that going to be on the Managment IP? 

 

0 Helpful
4 Replies 4

Aref Alsouqi
VIP
VIP

‎09-26-2024 09:29 AM

As best practice you should use the console connection, but if you want to make the change over SSH just make sure that you are setting the right IP addressing to avoid locking yourself out of the box. To change the IP on the management port you go to the port config and you issue the ip address command with the right IP address and subnet mask.

Please take a look at this guide that will help you to get that done:

Cisco Firepower 1100 Getting Started Guide - ASA Deployment with ASDM [Cisco Firepower 1000 Series] - Cisco

teamdv6199
Level 1
Level 1
In response to Aref Alsouqi

‎09-26-2024 10:00 AM - edited ‎09-26-2024 10:05 AM

So I went under Management 1/1 and did something like this:

ip address 192.168.1.1 255.255.255.0
nameif management
security-level 100
no shutdown

Per this documentation:CLI Book 1: Cisco Secure Firewall ASA Series General Operations CLI Configuration Guide, 9.19 - Getting Started [Cisco Secure Firewall ASA] - Cisco

 

And I can ping the new ip i configured but I cant ssh to it.

 

 

The link you sent me  says connect to ASA console port is that just consoling in it and connecting to the asa? by connect asa? 

0 Helpful

Aref Alsouqi
VIP
VIP
In response to teamdv6199

‎09-27-2024 03:37 AM

The basic configs to enable SSH on the ASA would be:

1) Configure domain name:
domain-name < your company domain name >

2) Create RSA crypto key:
crypto key generate rsa general-keys modulus 2048

3) Create a username and password:
username < username of your choice > privilege 15 password < password of your choice >

4) Enable SSH local authentication:
aaa authentication ssh console LOCAL

5) Enable SSH v2:
ssh version 2

6) Decide from which subnet/interface you want to allow SSH connections:
ssh < the subnet or IP address you want to allow SSH from > < subnet mask > < the interface to which the SSH traffic will be coming to >

0 Helpful

MHM Cisco World
VIP
VIP

‎09-26-2024 10:00 AM

https://youtu.be/DYXMQKtfbTo?si=HiXFTRwfRTGsxAtq

this for you friend 

MHM

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card