ssh config in ASA

Muthukumar P
Level 1

I have mentioned the ASA firewall config below. I want to configure SSH only for the below interface:

interface Port-channel10
 lacp max-bundle 8
 nameif ASA-OUT
 security-level 0
 ip address 10.246.17.145 255.255.255.248 standby 10.246.17.146

Please do the needful.

Configuration:

---------------

Hardware:   ASA5525, 8192 MB RAM, CPU Lynnfield 2394 MHz, 1 CPU (4 cores)
:
ASA Version 9.4(4)2
!
hostname citpl-dc-fw01a
enable password LmPAkL7AVu3jAHq3 encrypted
names
!
interface GigabitEthernet0/0
 description *** Dcsw1-port 47 ***
 channel-group 40 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1
 description *** Dcsw2-port 47 ***
 channel-group 40 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 channel-group 10 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 channel-group 10 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/6
 channel-group 42 mode active
!
interface GigabitEthernet0/7
 channel-group 42 mode active
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 no ip address
!
interface Port-channel10
 lacp max-bundle 8
 nameif ASA-OUT
 security-level 0
 ip address 10.246.17.145 255.255.255.248 standby 10.246.17.146
!
interface Port-channel40
 lacp max-bundle 8
 no nameif
 no security-level
 no ip address
!
interface Port-channel40.31
 description ** Hardware Manageemnt **
 vlan 31
 nameif HARDWARE-MGMT
 security-level 100
 ip address 10.246.17.1 255.255.255.192 standby 10.246.17.2
!
interface Port-channel40.50
 description ** TOS-APP Server **
 vlan 50
 nameif TOS-APP
 security-level 100
 ip address 10.246.19.1 255.255.255.224 standby 10.246.19.2
!
interface Port-channel40.51
 description ** TOS-DB Server **
 vlan 51
 nameif TOS-DB
 security-level 100
 ip address 10.246.19.33 255.255.255.224 standby 10.246.19.34
!
interface Port-channel40.52
 description ** CORP-APP Server **
 vlan 52
 nameif CORP-APP
 security-level 100
 ip address 10.246.19.65 255.255.255.224 standby 10.246.19.66
!
interface Port-channel40.53
 description ** TEST-TOS Server **
 vlan 53
 nameif TEST-TOS
 security-level 100
 ip address 10.246.19.145 255.255.255.248 standby 10.246.19.146
!
interface Port-channel40.54
 description **Vmotion **
 vlan 54
 nameif VMotion
 security-level 100
 ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2
!
interface Port-channel40.55
 description ** HOST-MGMT Server **
 vlan 55
 nameif HOST-MGMT
 security-level 100
 ip address 10.246.19.161 255.255.255.240 standby 10.246.19.162
!
interface Port-channel42
 description LAN/STATE Failover Interface
 lacp max-bundle 8
!
interface Port-channel48
 no nameif
 no security-level
 no ip address
!

1 Reply

Here, for the general SSH config:

Guide to better SSH-Security

And then you allow only access from the mentioned subnet:

ssh 10.246.17.144 255.255.255.248 ASA-OUT
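As an added example (not part of the reply above, and not Cisco tooling): a small Python helper that reads the interface blocks of the posted running-config, derives the subnet directly attached to the ASA-OUT interface from its ip address and mask, and emits the same ssh access line shown above. It also checks an existing ssh line, catching the common slip of writing the interface's host address (10.246.17.145) where the network address (10.246.17.144) belongs, and a nameif that does not exist in the config. The function names and the trimmed config excerpt are my own constructions; the interface names and addresses are taken from the question.

```python
import ipaddress
import re

# Constructed excerpt of the running-config from the question: only the two
# interface blocks this example needs, copied with the page's own addresses.
SAMPLE_CONFIG = """\
interface Port-channel10
 lacp max-bundle 8
 nameif ASA-OUT
 security-level 0
 ip address 10.246.17.145 255.255.255.248 standby 10.246.17.146
!
interface Port-channel40.31
 description ** Hardware Manageemnt **
 vlan 31
 nameif HARDWARE-MGMT
 security-level 100
 ip address 10.246.17.1 255.255.255.192 standby 10.246.17.2
!
"""

NAMEIF_RE = re.compile(r"\s+nameif (\S+)")
IPADDR_RE = re.compile(r"\s+ip address (\S+) (\S+)")


def parse_interfaces(config_text):
    """Return {nameif: IPv4Interface} for every interface that has both a
    nameif and an ip address. Blocks with 'no nameif' / 'no ip address'
    (the unnamed port-channel members) are skipped because those lines do
    not match the regexes above."""
    result = {}
    nameif = addr = None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            if nameif and addr:
                result[nameif] = addr
            nameif = addr = None
            continue
        m = NAMEIF_RE.match(line)
        if m:
            nameif = m.group(1)
            continue
        m = IPADDR_RE.match(line)
        if m:
            # ipaddress accepts a dotted-decimal mask after the slash for IPv4
            addr = ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(2)}")
    if nameif and addr:
        result[nameif] = addr
    return result


def ssh_allow_line(interfaces, nameif):
    """Build 'ssh <network> <mask> <nameif>', admitting SSH only from the
    subnet directly attached to that interface."""
    net = interfaces[nameif].network
    return f"ssh {net.network_address} {net.netmask} {nameif}"


def check_ssh_line(line, interfaces):
    """Sanity-check an 'ssh A.B.C.D M.M.M.M nameif' line against the parsed
    config: the nameif must exist, and the address must be the network
    address for the mask (strict=True rejects host bits being set)."""
    m = re.fullmatch(r"ssh (\S+) (\S+) (\S+)", line.strip())
    if not m:
        return "not an ssh access line"
    addr, mask, nameif = m.groups()
    if nameif not in interfaces:
        return f"unknown nameif {nameif}"
    try:
        ipaddress.ip_network(f"{addr}/{mask}", strict=True)
    except ValueError:
        return f"{addr} has host bits set; not the network address for {mask}"
    return "ok"


if __name__ == "__main__":
    ifaces = parse_interfaces(SAMPLE_CONFIG)
    print(ssh_allow_line(ifaces, "ASA-OUT"))
    print(check_ssh_line("ssh 10.246.17.145 255.255.255.248 ASA-OUT", ifaces))
```

Feeding the full `show running-config` output to `parse_interfaces` works the same way; the line for any other named interface is produced by changing the nameif argument.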