Re: Access to ASA via SSH and ASDM from Anthony on 2013-09-04 (Ccielab archives 09/2013)

From: Anthony <anthonybonilla.ccie_at_gmail.com>
Date: Wed, 4 Sep 2013 20:28:08 -0400

Thx guys but my problem is that I am unable to ssh and asdm can't connect either (running version 9.x btw).

I had to regenerate keys in past but wanted to see if there was a better way since these are remote devices without console OOB (have telnet disabled for sec reasons)...

Sent from my iPhone

On Sep 4, 2013, at 6:03 PM, Travis Niedens <niedentj_at_hotmail.com> wrote:

> Ways I have fixed this in the past:
>
> ASDM:
>
> 1. Confirm image and reupload.
> 2. Confirm http server enable and port. If doing webvpn you may have a port
> conflict.
> 3. make sure you permit your subnet / interface.
> 4. A new one I found - newer ASA code adds in a line "ssl encryption des" -
> you want to change it to "ssl encryption 3des"
>
> SSH:
> 1. Confirm you have permitted your subnet / interface.
> 2. confirm ssh version
> 3. You may have to zeroize and regen your rsa key
> 4. There is a known bug with 8.4.1 (CSCtn75060). Fix is to reload, disable /
> remove all SSH commands and re-add.
>
> Hope that helps,
> Travis
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Anthony Bonilla
> Sent: Wednesday, September 04, 2013 1:42 PM
> To: Cisco certification
> Subject: OT: Access to ASA via SSH and ASDM
>
> Team,
>
> We have a whole bunch of Cisco ASA 5500 firewalls being used at head end and
> at branches and at times, I have noticed that I am unable to connect to one
> of the remote devices via SSH and/or ASDM (it can't connect).
> Apparently, rebooting the device does not help either. I was wondering if
> anyone else has experienced this issue and if so, what is the best way to
> resolve it? BTW, I don't have any remote console solutions for these
> devices and have to get someone to console in to fix it but wondering if
> there is a better way for me to take care of issue remotely or avoid all
> together? Please let me know if possible. TIA.
>
> Tony
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Sep 04 2013 - 20:28:08 ART

This archive was generated by hypermail 2.2.0 : Tue Oct 01 2013 - 06:36:35 ART