Cisco Firewall :: Telnet / Ssh To ASA 8.2 Not Working
Oct 7, 2012I am not able to telnet or ssh to ASA running 8.2.5(33). [code] I am able to ping inside interface of the ASA. Telnet gets stuck at Trying
View 2 RepliesI am not able to telnet or ssh to ASA running 8.2.5(33). [code] I am able to ping inside interface of the ASA. Telnet gets stuck at Trying
View 2 Replies1.SCP Not Working on my Linux Box (Fedora release 7 (Moonshine))to Fedora fc11.i686 running box[CODE]
View 5 Replies View RelatedI have one router 3925 equipment DIRECTLY connected to the Router that needs to be accessed by telnet port 23.
Please find the attached config details.
i have 68 sites with Routers. On each site I have one equipment DIRECTLY connected to the Router that needs to be accessed by telnet port 23.
I have 15 off this sites that the access via telnet to the equipment’s connected after the routers are not working. These sites are using Router Cisco 3925. The other sites that are working are using Routers Cisco MWR 2921.
Both router models are running the same configuration with no filter on it.
The equipment’s after the routers are all accessed directly via telnet without the router. If the router is directly plugged to the equipment the 15 sites with Router Cisco 3925 are not accessed via telnet.
There is any bug related with the IOS version that Router Cisco 3925 is using?:
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.1(2)T2, RELEASE SOFTWARE (fc1).ROM: System Bootstrap, Version 15.0(1r)M8, RELEASE SOFTWARE (fc1).System image file is "flash0:c3900-universalk9-mz.SPA.151-2.T2.bin"
implementation of the cisco CSS 11501 boxes available as spare on our site into production for an application evry thing worked as expected. i was able to telnet the active/master box and was able to console both master and backup box from the console port.however a week post the activity im faced with this weird problem where im not able to take console or the telnet access of my primary/active box.The boxes are working in BOX-to-BOX redundancy and now im not able to telnet or console my active/master box. The telnet and console window prompts me for username and password and after entering the credentials nothing happens. no prompt or no error message is displayed.
The telnet primary authentication is via tacacs and secondary is via local. however for console im not using any method for primay authentication and local for secondary authentication. however i can successfully console my backup box. below are my obsrvations 1. the left and right status LED on the active CSS box is OFF.- it means my CSS 11501 failed and has no power. 2. upon firing the rcmd command with show line command on backup box i see that the telnet sessions and console session is established with the master box3. the redundancy state of the active box says it is master and has not changed state since my last activity, no application issue reported, all the services are active on the active box and also i can ping the active box ip address from my backup box over which box to box redundancy is established. This confirms the active box is functioning well 4. i initially thought the telnet sessions are not getting cleared, however the show line cmd with the rcmd cmd on the backup box confirms this is not happening. now im stuck as the active box cannot be accessed at all via console or telnet. i was thinking of below steps to be carried out.1. to failover the boxes and make the backup as master2. then try to take the faulty box off the network and troubleshoot (are there any other commands that i should use to troubleshoot)3. if nothing works try rebooting the box and check
NOTE: the software running is version 7.20.30.3 with standard feature set. we are not using cvdm or the CSS GUI. we could access the css initially on CSS gui and that is also not working now.
I have a customer with a 861 ISR.I want to block all the privilege 0 users from access the enable command
If i telnet into the device, as a priv=0, enable does not work
If i telnet into the device, as a priv=15, enable does work
If i telnet into the device, as a priv=0, enable does not work
If i telnet into the device, as a priv=15, enable does not work
I have issued the command:privilege exec level 15 enable Should block everyone except 15's from accessing the enable command SSH and TELNET are on the same vty:
line con 0
login authentication local_authen
no modem enable
line aux 0
line vty 0 3
[code]....
Basically TELNET is following the rules ( priv=0 not allowed to access enable ) but SSH is not following the rules ( both priv=15 and priv=0 cannot access the command ) is there a way from blocking somes users from login in completely?
I only want SSH to be allowed when accessing this switch, but telnet is still allowed, why? Whe authenticate via radius.version 12.2no service padservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname 3750!boot-start-markerboot-end-marker!logging buffered 64000logging console informationallogging monitor informationalenable secret 5 $1$1K$!username admin privilege 15 secret 5 $1$Bs$cLHusername users view priv3 secret 5 $1$Jfnviwp!!aaa new-model!!aaa authentication login default group radius localaaa authentication enable default lineaaa authorization consoleaaa authorization exec default group radius local !!!aaa session-id commonclock timezone GMT 0clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 3:00switch 1 provision ws-c3750g-12sswitch 2 provision ws-c3750g-12ssystem mtu routing 1500udld aggressiveno ip domain-lookupip domain-name CB!!login on-failure loglogin on-success log!!crypto pki trustpoint TP-self-signed-3817403392enrollment selfsignedsubject-name cn=IOS-Self-Signed-Certificate-3817403392revocation-check nonersakeypair TP-self-signed-3817403392!!crypto pki certificate chain TP-self-signed-3817403392certificate self-signed 01 3082024C 308201B5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 33383137 34303333 3932301E 170D3132 30343133 31303539 33395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38313734 30333339 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100C31D AE6DD8B5 56245317 AD96F4F4 727385D4 97A5B138 488A215E 4294FC40 1C5B2F26 2B75E1CF E562F240 118F2F50 0CFF2449 16EC66EA 2D489F5F F36BFD05 ACCC79CA DDDA984D 4CB7AB DD95A5E0 9274A225 3F5A3634 DEBF1A2A 416E2189 B35B4473 C7D5EE2C E3D41675 A86F31CD.
View 3 Replies View RelatedI have configured the ip telnet source-interface Loopback 0 command on a Nexus7010, but when I telnet to another device and do a show users, the ip address is of the closest interface to the device I telnet to, not the ip address of the Loopback. All interfaces are in vrf default. I am running 5.1(6) NXOS.
View 6 Replies View Relatedaccessing my cisco ASA, last night we were doing VA on our ASA, after that iam not able to access it through ssh nor telnet. its not giving me any error.. i tried from different system also. SSH & telnet allowed from inside to 0.0.0.0 i have re-generated rsa keys when it was working. ASA version is 8.2 now when i connect telent is giving me blank prompt. i can login using ASDM.
View 5 Replies View RelatedI have an early model PIX-515 that hasn't been used in a long time but I want to get it working again in a lab environment. I am at loss right now on how to get into it though.
CONSOLE:
I've tried connecting from the PC's serial port to the units console port using Cisco's blue cable with no avail. All I get is a cursor but no response. I've tried using 9600,8,none,1,none as settings and I can sucessfully console a Cisco 1700 router with those same settings in Putty no problem, but it doesn't work with this Pix. I've also tried using other possible common speeds like 1200,1400,4800,19200, 38400, 57600 and 115200 in case the firewall was set to use those and that didn't work either.
[code]...
I setup a site-to-site VPN tunnel at the remote ASA5505. I am able to asdm to the outside interface but not ssh. I switch to telnet and still not allow me to access. I added an ACL to allow telnet any to the outside interface but still not working. In ASDM I see the log Here is the second issue. When I want to change the telnet back to ssh using ASDM I got the following error.
View 2 Replies View RelatedI can't telnet from a host(Ubuntu 12.10) in our DMZ to an outside MX on port TCP 587. Inspection for ESMTP not enabled. Port 587 enabled for host in DMZ to any.
View 12 Replies View RelatedWhen users are VPN connected their telnet sessions timeout after an hour of inactivity. Looking at the connections on the firewall they are showing as idle. Is there a configuration change or something else that has to be modified?
View 2 Replies View RelatedI have a question about my ASA 5520, it worked well till two weeks ago, and suddenly cannot be accessed by SSH/Telnet/TFTP....only can use the Consoel port to access it now, but other VPN/ACL setting working well. [code] If I enabled the outside access for SSH like below, it works well for outside port.ssh 0.0.0.0 0.0.0.0 outside.
View 3 Replies View RelatedI am unable to Telnet/SSH/RDP from my inside network to my DMZ. I am not sure where the problem lies, I am able to use VNC from the inside to the DMZ (ports 5800, 5900), and also establish connection on Ports (26700-26899). I have a computer connected directly to the DMZ and those services work to all networks on the DMZ.I have attached Logs of successful VNC connections, unsuccessful RDP and Telnet sessions, and the running config.
View 23 Replies View RelatedI have a vpn ssl remote access with a fw asa 5510 version 8.02. When users use any connect vpn ssl they in the Lan can access to the servers,but they can not access using ssh or telnet to inside fw asa.
aaa authentication ssh console LOCAL
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 30
After enabling AAA FWSM lost opportunity telnet session. FWSM version 3.2(5). In the logs show that resets itself FWSM telnet session.
Conf.,aaa-server TACACS+ (management) host 192.2.151.111
key aaa authentication ssh console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
[Code] .....
I am using a Cisco 2801 Router and currently have Telnet enabled on all interfaces. How do I change that so it is enabled from all inside networks, but not on the outside interface?
View 12 Replies View RelatedI have a cisco asa 5520. i need to forward telnet to a router on the inside interface. Here is what i have done so far but it doesnt seem to be working.
I have created an access-list that looks like this:
access-list 102 extended permit tcp any host 10.10.60.2 eq telnet
But when do this it still doesnt forward my request to the router at 10.10.60.2 . So just to explain what im trying to do. I use Putty, i am putting the outside interface IP into putty, selecting telnet and opening the session. i need the outside interface to see this request and know to forward port 23 to the router on the inside interface with IP 10.10.60.2. The ASA is running version: asa842-k8.bin
I got 2 x 5520 ASAs configured in active/standby mode and they are connected to 2 x 4500 switches in which too configured for failover.Telnet to ASAs is allowed only via subnet 172.18.0.0./24
I can only ping and telnet to the active ASA from subnet 172.18.0.0./24 but not the standby But i can ping and telnet to both the active and standby ASAs within the 4500 switches.
I want to disable the telnet option/feature on ASA 5510
i tried no telnet alone it wont work as i didnt configured any telnet at all.
I am having some troubles finding information about how to configure firewall policies (rules, chains, etc.) via telnet on a RV016. The reason for that is that i keep getting some log entries "connection refused - policy violation" and "blocked" even with my firewall wide open (only allow rules on all interfaces, SPI and block wan request disabled, multicast and https enabled, etc.... ). Also, with these exact same rules, i can only connect via PPTP with the firewall disabled. The minute i tick the enable option the tunnel never gets to authentication phase. I then started reading OpenRG manual and many things are quite similar, but some other entries are missing from that manual (maybe some changes made by cisco?). I am trying to figure out some service ids, chains (e.g. the rv016 has some rules redirecting to chains 10, 100, 200 but i can not find them anywhere), and so on. I have only one rv016 and about 60 connections to it so i can not experiment that much without having the whole company on my neck with internet problems.
View 2 Replies View Relatedhow do i change the telnet and enable and vpn user password on asa 5570.
View 4 Replies View RelatedI have a network with 3 sites that are on different subnets. Each site has an ASA Right now, I am only able to connect to the ASA that is connected to the subnet I am connected to.I want to be able to connect to the ASA that are on the remote subnets on the address of the inside interface.The sites are connected all together by site-to-site VPN.Is there any way I can achieve that without opening the outside interface directly on the Internet?
View 2 Replies View RelatedCannot connect to ACS device using telnet IP: port 1812? Seems it is using this port config by default.Is it because of the port it's trying to use? Is there a way of changing the port? If so, where does one do this in the ACS device?I have two 4400 series WLC's one is on the same network segment as the ACS, I can authenticate through the ACS on this one. The other WLC at a different location, cannot authenticate through the ACS.
View 2 Replies View Relatedmy ASA config does not work? My config is attached in a txt file.
I tried to forward port 25 and 110 from the outside to the inside server, but I can't connect...
I have a 891 router I have been testing some things on. I have been able to successfully telnet to it in the past with no problems. Just yesterday I was trying to set an interface to have an IP of 10.10.10.2 which I realized was an IP I had forgot to exlcude from DHCP and it was handed out to the computer I was using to telnet in. So I wrote in the exlcude commands and did an ipconfig -release ipconfig -renew on my PC that had the 10.10.10.2 IP. After the renew I was given 10.10.10.7 (put in a few more excludes).However the release dropped my telnet connection and afterwards I was completely unable to telnet in, getting the error that says I cannot open the connection on port 23. I had made some changes to my entire config beforehand which had it switch to use a new public IP. I never saved the changes and did a hard reset by unplugging the router to get my old config back and see if I could telnet after that. Still could not get in, same error. Well I went through and remade my entire config to use the new public IP. My 10.10.10.7 PC can access the internet, DNS, ping the router, all just fine. Still can't telnet. I remade my line/vty config and made sure it matched up with a config I had on another router. Still can't telnet. Last thing I did was go in and manually clear all open line connections. All that is left is an idle 0 con 0 line that it wont let me close. Still can't telnet.What the **** is going on with this thing? I am completely at a loss to explain why I cant telnet. It must be something in my ACLs that I am missing?
View 2 Replies View RelatedI have a cisco 3750 switch and i given 2vlans (40, 118). 40 is local and 118 is public.I given the public ip for vlan 118. now i am able to telnet from same vlan (118 only) but i am not able to ping and telnet as globally. [code]
View 5 Replies View RelatedI found the link that effectively said PIX/ASA 7.x does not support FTP with TLS/SSL (FTP/FTPS). I can't find anything which states whether it works on a later release? We have 8.2(1) and we are struggling to implement it. The FTP/FTPS server is in the DMZ and is hosted by Windows 2008 IIS 7.5. How to get this solution implemented, as the contractor from our local Cisco vendor spent 3 hours on it and couldn't get it working this morning.
View 1 Replies View RelatedI have a windows 2003 server and an ASA 5512
I'm trying to use SSLVPN and it was all working, and I don't believe any configs on either box have been changed.
On Friday people were connecting, but now I get a message "Login Error" in the browser. In the ASDM home 'latest ADSM Syslog Messsages' I get "AAA authentication server not accessible", followed by two messsages AAA Marking LDAP server in group as FAILED AAA Marking LDAP server in group as ACTIVE
When I go to configuration --> Remote Access VPN --> AAA/Local Users AAA server groups and click on my RADIUS server and click Test, it takes a while and says ERROR: AD agent Server not responding: No error
If I stop my IAS server on my Windows box i get the same error but much more quickly.
I have a sonciwall set up doing the same thing, and RADIUS seems to work happily, so I don't think it's the server config...
I recently acquired a used ASA 5505 and have encountered issues with getting the PoE output on Ports 6 & 7 working. Theese two PoE ports are behaving like all the other ports (100mbit, Vlan 1). Per the best I could Google, I made sure the all relevant ports are set to "auto" for duplex and link speed. Again, the ports do work for data - just not PoE. The LEDs light up ok.
I've tested four different working devices that can be powered off PoE with it, and all failed to power up using a straight-thru Ethernet cable connected to ports 6 & 7.
Ubiquiti PicoStation M2
MikroTik OmniTik
MikroTik RB450G
MikroTik RB433
What should I do to get PoE working? Is it a defective unit?
: Saved
: Written by enable_15 at 18:56:43.926 CDT Sun Jun 3 2012
!
ASA Version 8.4(4)
[Code].....
i'm trying to setup my 5505 for SSH but it seem doesn't work. console and HTTPS/ASDM are working.
my teraterm is just stuck with the user/password screen. also tried using putty but still failed.
ciscoasa# exit
Logoff
Username: admin
[Code].....
I have recently upgraded ASA to 8.4 and found that ASDM is not working on it. I tried the latest ASDM version 7.1 still no luck. When I try to access ASA using IE...it just shows " Page can not be displayed "
Following is the config which I have
http server enable
http 0.0.0.0 0.0.0.0 inside
http 10.52.193.218 255.255.255.255 inside
asdm image disk0:/asdm-711-52.bin
asdm location 0.0.0.0 0.0.0.0 inside
asdm history enable
Is there anything else required in ASA 8.4 for ASDM to work? When I telnet to ASA interface with 443 port it works