
SSH does not work in inside interface in ASA

Chieu Dinh
Level 1

I am able to run ASM but I can't run SSH from the inside interface. Does anyone know how I can start to debug the problem? I checked all the settings for enabling SSH; I set it up the same way as the instructions.

aaa authentication ssh console LOCAL

ssh 192.168.0.0 255.255.255.0 inside

crypto key generate rsa modulus 1024

What am I missing here? I also have a username and password for admin.

Thanks                  

15 Replies

mahesh18
Level 6

Hi Chieu,

Can you provide the output of sh ver?

Thanks

mahesh

Also check when you do sh ver:

Encryption-DES                    : Enabled        perpetual

Encryption-3DES-AES               : Enabled        perpetual

Do you see the above two things enabled?

Thanks

Mahesh

Here is the show ver

Result of the command: "show ver"

Cisco Adaptive Security Appliance Software Version 8.2(3)3
Device Manager Version 6.2(5)53

Compiled on Wed 25-Aug-10 21:43 by builders
System image file is "disk0:/asa823-3-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 207 days 6 hours

Hardware:   ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1599 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04

0: Ext: Ethernet0/0         : address is 5475.d050.7f46, irq 9
1: Ext: Ethernet0/1         : address is 5475.d050.7f47, irq 9
2: Ext: Ethernet0/2         : address is 5475.d050.7f48, irq 9
3: Ext: Ethernet0/3         : address is 5475.d050.7f49, irq 9
4: Ext: Management0/0       : address is 5475.d050.7f45, irq 11
5: Int: Not used            : irq 11
6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 50       
Inside Hosts                   : Unlimited
Failover                       : Disabled
VPN-DES                        : Enabled  
VPN-3DES-AES                   : Enabled  
Security Contexts              : 0        
GTP/GPRS                       : Disabled 
SSL VPN Peers                  : 2        
Total VPN Peers                : 250      
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled 
AnyConnect for Cisco VPN Phone : Disabled 
AnyConnect Essentials          : Disabled 
Advanced Endpoint Assessment   : Disabled 
UC Phone Proxy Sessions        : 2        
Total UC Proxy Sessions        : 2        
Botnet Traffic Filter          : Disabled 

This platform has a Base license.

Serial Number: JMX1420L3JW
Running Activation Key: 0x8b0edb7c 0x4cee2474 0x34813190 0x90e01484 0x0d2211b2
Configuration register is 0x1
Configuration last modified by cdinh at 15:36:53.519 PDT Mon Jul 29 2013

It was working before I added the new VPN tunnel with another ASA. I did not know what configuration I had removed to lose this setting.

Hi Chieu,

If it was working before then try to regenerate the keys?

Hope it will not affect any VPN config

ASA1(config)# crypto key zeroize rsa

WARNING: All RSA keys will be removed.

WARNING: All device digital certificates issued using these keys will also be removed.

Do you really want to remove these keys? [yes/no]: yes

thanks

mahesh

It might affect my VPN config

Hi Chieu,

Can you provide the output of sh run ssh?

Thanks

Mahesh

Here is the show run ssh

ssh 192.168.25.0 255.255.255.0 inside

ssh 192.168.16.0 255.255.255.0 inside

ssh 192.168.15.0 255.255.255.0 inside

ssh 0.0.0.0 0.0.0.0 inside

ssh timeout 5

Thanks

Hi Chieu,

Can you remove the lines below

ssh 192.168.25.0 255.255.255.0 inside

ssh 192.168.16.0 255.255.255.0 inside

ssh 192.168.15.0 255.255.255.0 inside

and try again.

Thanks

mahesh

It does not work after I removed these lines:

ssh 192.168.25.0 255.255.255.0 inside

ssh 192.168.16.0 255.255.255.0 inside

ssh 192.168.15.0 255.255.255.0 inside

But you have this line, right?

ssh 0.0.0.0 0.0.0.0 inside

Thanks

Mahesh

Yes. I still have ssh 0.0.0.0 0.0.0.0 inside

Hi Mahesh

Do you have any ideas for troubleshooting this problem? Do I need any access list for the inside interface?

Hi Chieu,

It seems that when you are behind the inside interface of the ASA, you are on the same network, so you do not need an ACL.

You can try to regenerate the crypto keys as I mentioned earlier.

I could not think of anything else for the moment.

Thanks

Mahesh
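An added example, not part of the thread and not Cisco tooling: a Python check that parses the `show run ssh` output posted above, reports which rules admit a given client on an interface, and lists rules already covered by a broader one. The client address 192.168.25.10 is a constructed value. It shows that the three /24 entries are subsumed by `ssh 0.0.0.0 0.0.0.0 inside`, so removing them does not change which clients the list admits.

```python
import ipaddress

# Constructed input: the "show run ssh" lines posted in the thread.
SHOW_RUN_SSH = """\
ssh 192.168.25.0 255.255.255.0 inside
ssh 192.168.16.0 255.255.255.0 inside
ssh 192.168.15.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
"""

def parse_ssh_rules(config):
    """Return (network, interface) for each 'ssh <addr> <mask> <if>' line."""
    rules = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "ssh":
            continue  # skips 'ssh timeout 5' and other non-permit lines
        try:
            net = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
        except ValueError:
            continue  # not an address/mask pair
        rules.append((net, parts[3]))
    return rules

def permits(rules, client_ip, interface):
    """Networks on `interface` that contain client_ip."""
    ip = ipaddress.ip_address(client_ip)
    return [net for net, ifc in rules if ifc == interface and ip in net]

def shadowed(rules):
    """Rules fully covered by a broader rule on the same interface."""
    out = []
    for net, ifc in rules:
        for other, oifc in rules:
            if oifc == ifc and other != net and net.subnet_of(other):
                out.append((net, other, ifc))
                break
    return out

if __name__ == "__main__":
    rules = parse_ssh_rules(SHOW_RUN_SSH)
    client = "192.168.25.10"  # assumed client address, not from the thread
    print("permitting rules:", [str(n) for n in permits(rules, client, "inside")])
    for net, other, ifc in shadowed(rules):
        print(f"{net} on {ifc} is already covered by {other}")
```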
