Re: Access to ASA via SSH and ASDM from Rati Berikaant Jokhadze on 2013-09-05 (Ccielab archives 09/2013)

From: Rati Berikaant Jokhadze <iinfo83_at_gmail.com>
Date: Thu, 05 Sep 2013 09:43:11 +0400

Ports is open or not? scan with nmap or just telnet to 22 port. if ports
is open , maybe you have session overload , just write "who" in exec
mode end checkout result :-)

On 09/05/2013 04:28 AM, Anthony wrote:
> Thx guys but my problem is that I am unable to ssh and asdm can't connect either (running version 9.x btw).
>
> I had to regenerate keys in past but wanted to see if there was a better way since these are remote devices without console OOB (have telnet disabled for sec reasons)...
>
> Sent from my iPhone
>
> On Sep 4, 2013, at 6:03 PM, Travis Niedens <niedentj_at_hotmail.com> wrote:
>
>> Ways I have fixed this in the past:
>>
>> ASDM:
>>
>> 1. Confirm image and reupload.
>> 2. Confirm http server enable and port. If doing webvpn you may have a port
>> conflict.
>> 3. make sure you permit your subnet / interface.
>> 4. A new one I found - newer ASA code adds in a line "ssl encryption des" -
>> you want to change it to "ssl encryption 3des"
>>
>> SSH:
>> 1. Confirm you have permitted your subnet / interface.
>> 2. confirm ssh version
>> 3. You may have to zeroize and regen your rsa key
>> 4. There is a known bug with 8.4.1 (CSCtn75060). Fix is to reload, disable /
>> remove all SSH commands and re-add.
>>
>> Hope that helps,
>> Travis
>> -----Original Message-----
>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>> Anthony Bonilla
>> Sent: Wednesday, September 04, 2013 1:42 PM
>> To: Cisco certification
>> Subject: OT: Access to ASA via SSH and ASDM
>>
>> Team,
>>
>> We have a whole bunch of Cisco ASA 5500 firewalls being used at head end and
>> at branches and at times, I have noticed that I am unable to connect to one
>> of the remote devices via SSH and/or ASDM (it can't connect).
>> Apparently, rebooting the device does not help either. I was wondering if
>> anyone else has experienced this issue and if so, what is the best way to
>> resolve it? BTW, I don't have any remote console solutions for these
>> devices and have to get someone to console in to fix it but wondering if
>> there is a better way for me to take care of issue remotely or avoid all
>> together? Please let me know if possible. TIA.
>>
>> Tony
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Thu Sep 05 2013 - 09:43:11 ART

This archive was generated by hypermail 2.2.0 : Tue Oct 01 2013 - 06:36:35 ART