04-04-2011 01:39 PM - edited 03-11-2019 01:16 PM
Hi All
Am I doing something daft/misunderstanding here?
Configuring a Cisco ASA 5505 from the CLI. "ssh ?" shows:
hostname or A.B.C.D The IP addres of the host and/or network authorized to
login to the system
Yet when I enter a hostname I get "Invalid hostname". It isn't invalid! If I do ping <hostname> as the next command it resolves it fine.
Basically I want to do is allow access from home where I have a dynamic IP and have a DynDNS account set up to update a hostname with the current IP.
Thanks all
Shell
Solved! Go to Solution.
04-04-2011 03:17 PM
Hi Shell,
The "host name" mentioned in the "ssh ?" output, is basically a name-to-ip mapping that can be defined on the ASA.
It does resolve the names in ping, but that dynamic resolution doesn't work for all features.
So you can configure something like:
names (to enable names)
name 192.168.1.10 office_pc
name 62.62.62.62 home_pc
ssh office_pc 255.255.255.255 inside
ssh home_pc 255.255.255.255 outside
However you wouldn't be able to configure ssh for the DDNS name that you have.
I would suggest having ssh open for the full subnet within which you get the DHCP ip, and use a strong cryptic password for ssh login.
Hope this helps.
-Shrikant
P.S.: Please mark the question resolved, if it has been answered. Do rate helpful posts. Thanks.
04-04-2011 03:17 PM
Hi Shell,
The "host name" mentioned in the "ssh ?" output, is basically a name-to-ip mapping that can be defined on the ASA.
It does resolve the names in ping, but that dynamic resolution doesn't work for all features.
So you can configure something like:
names (to enable names)
name 192.168.1.10 office_pc
name 62.62.62.62 home_pc
ssh office_pc 255.255.255.255 inside
ssh home_pc 255.255.255.255 outside
However you wouldn't be able to configure ssh for the DDNS name that you have.
I would suggest having ssh open for the full subnet within which you get the DHCP ip, and use a strong cryptic password for ssh login.
Hope this helps.
-Shrikant
P.S.: Please mark the question resolved, if it has been answered. Do rate helpful posts. Thanks.
04-05-2011 01:23 AM
Thanks Shrikant. I'll have a think how I want to go about it then. Public IP range is huge, massive ISP! Would be a waste of time even restricting it lol
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide