
Unable to ssh into new CISCO ASA 5510

suresh.1275
Level 1

We installed a new ASA 5510 in our environment and configured the inside and outside interfaces from the console connection. To have PuTTY access, we configured SSH and some users who can access it, but when we tried accessing it via PuTTY (SSH) we got "Connection timed out". Please help me on this.


Pulkit Saxena
Cisco Employee

Suresh,

 

Please share the current "show run" of your firewall.

 

Regards,

Pulkit Saxena

Pulkit,

 

"show run" is attached.

 

 

 

Suresh,

 

Configuration seems to be there.

Please add:

crypto key generate rsa modulus 1024

I think the RSA key is missing.

Let me know how it goes.

 

Regards,

Pulkit Saxena

No luck in getting in, Pulkit.

I configured 2048 instead of 1024 and I believe that will not be an issue.

Please confirm if you are doing SSH on the inside interface with a machine which is behind the inside interface only?

You cannot SSH to a far-end interface.

Also, please share with me the output of "show version".

We need to have the VPN-3DES license.

 

Regards,

Pulkit Saxena

I am trying to SSH from a server which is sitting behind the inside interface. I see that VPN-3DES is enabled.

 

DMZASA-2# sh ver

Cisco Adaptive Security Appliance Software Version 8.2(5)

Compiled on Fri 20-May-11 16:00 by builders
System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"

DMZASA-2 up 1 hour 11 mins

Hardware:   ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1599 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05

 0: Ext: Ethernet0/0         : address is f866.f2b1.4000, irq 9
 1: Ext: Ethernet0/1         : address is f866.f2b1.4001, irq 9
 2: Ext: Ethernet0/2         : address is f866.f2b1.4002, irq 9
 3: Ext: Ethernet0/3         : address is f866.f2b1.4003, irq 9
 4: Ext: Management0/0       : address is f866.f2b1.3fff, irq 11
 5: Int: Not used            : irq 11
 6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 100
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
Security Contexts              : 2
GTP/GPRS                       : Disabled
SSL VPN Peers                  : 2
Total VPN Peers                : 250
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Disabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled

This platform has an ASA 5510 Security Plus license.

Serial Number: JMX1447L1S8
Running Activation Key: 0xcb2ef546 0x106571a9 0x54e28534 0x8c3ce048 0x422c3cb2
Configuration register is 0x1
Configuration has not been modified since last system restart.
DMZASA-2#

Suresh,

 

Share the output of "show asp table socket".

Also, for test purposes, please apply the command:

ssh 0 0 inside

 

Regards,

Pulkit Saxena

DMZASA-2# sho asp table socke


Protocol  Socket    Local Address               Foreign Address         State
SSL       000083bf  192.168.1.1:443             0.0.0.0:*               LISTEN
TCP       0001ea6f  10.x.x.253:22               0.0.0.0:*               LISTEN

 

Configured ssh 0 0 inside

Hi,

As Pulkit pointed out, the configuration is correct.

Do you have connectivity from that host to the ASA inside interface? Try to ping the interface and verify. Also, is this PC in the directly connected subnet of the ASA inside interface or behind a Layer 3 hop?

Check the connectivity and see if that verifies.

Thanks and Regards,

Vibhor Amrodia

Thanks to all who helped me! I figured out the issue and it is working fine now.

Suresh,

 

Glad that it worked. However, I would like to know what was missing?

Was it a connectivity issue?

 

Regards,

Pulkit Saxena

Pulkit,

 

Sometimes after configuring SSH on an ASA a reload might be needed, which sounds weird, so after reloading the ASA it worked fine for me.

 

Now I am trying to set up ASDM for it and struggling with it, getting the error "unable to launch device manager". The Java version I am using is 7 Update 51. Any suggestions are welcome. :)

Suresh,

A reload is not at all required. It is because you are running 8.2.5 and can be a caveat. I would recommend you upgrade to an interim release of the same version.

Now, in regard to your ASDM issue, I had a look at the same running configuration and found that this command is missing:

http 0 0 inside

 

Also, I would suggest using Java 7 Update 45 and Mozilla Firefox, and we should be good to go.

 

Regards, 

Pulkit Saxena
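
The `ssh 0 0 inside` and `http 0 0 inside` commands suggested in this thread permit management from any source address reachable through the inside interface, which suits a test but is broad to leave in place. An added example (not part of the thread and not Cisco code) that lists the IPv4 source rules in a running configuration, checks whether a client address is covered, and flags any-source entries; the sample configuration and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample; the poster's running configuration was an attachment.
SAMPLE_CONFIG = """\
http server enable
http 0 0 inside
ssh 10.1.1.0 255.255.255.0 inside
ssh 0 0 inside
ssh timeout 5
"""

def _addr(token):
    # The ASA CLI accepts "0" as shorthand for 0.0.0.0 (address or mask).
    return "0.0.0.0" if token == "0" else token

def parse_mgmt_rules(config):
    """Return (service, network, interface) for each ssh/http source rule."""
    rules = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] not in ("ssh", "http"):
            continue  # skips "ssh timeout 5", "http server enable", etc.
        try:
            net = ipaddress.ip_network(
                f"{_addr(parts[1])}/{_addr(parts[2])}", strict=False)
        except ValueError:
            continue  # four-token line that is not an address/mask rule
        rules.append((parts[0], net, parts[3]))
    return rules

def is_permitted(rules, service, interface, client_ip):
    """True if client_ip matches a source rule for service on interface."""
    ip = ipaddress.ip_address(client_ip)
    return any(s == service and i == interface and ip in n
               for s, n, i in rules)

def any_source_rules(rules):
    """Rules that match every source address (0.0.0.0 0.0.0.0)."""
    return [(s, i) for s, n, i in rules if n.prefixlen == 0]

if __name__ == "__main__":
    rules = parse_mgmt_rules(SAMPLE_CONFIG)
    print("ssh from 10.1.1.50 via inside:",
          is_permitted(rules, "ssh", "inside", "10.1.1.50"))
    for service, interface in any_source_rules(rules):
        print(f"any-source rule: {service} 0 0 {interface}")
```
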

Pulkit,

 

I can finally log in to ASDM; it was a port issue which I hadn't looked at. Anyhow, thanks for the help and support, I appreciate it.

 

In general, I have a question: I need to restrict patch panel ports in our office, as we will have a lot of visitors/technicians who carry laptops and use the internet by connecting a laptop to free patch panel ports.