Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1470
Views
0
Helpful
3
Replies

SSH Bypass

lmqtechnology
Level 1
Level 1

‎08-18-2020 06:50 AM

We have been receiving some AAA failure login attempts from external IPs.  Both SSH and HTTPS to the outside interface is restricted to an external IP owned by myself so I cant work out how this could be the case. ASA version is 9.10

0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎08-18-2020 06:57 AM

 

You getting request on outside interface (they gained access) or denied ?

is yout ASA Listening https and ssh port on outside interface ?

can you post the configuraiton to understand better

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

lmqtechnology
Level 1
Level 1
In response to balaji.bandi

‎08-18-2020 07:00 AM

All I see in logs is AAA authentication failure against the LOCAL database.  The HTTP and SSH management sessions are the only services configured to use LOCAL.  SSH and HTTP is enabled on outside interface but locked down to certain IPs

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to lmqtechnology

‎08-18-2020 08:58 AM

Do you see the IP address coming from unknown ? if the ACL in place for spcific IP only allow, rest should rejected by default.

 

can you post some example logs please for us to understand.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card