domingo, 12 de octubre de 2014

How to configure Cisco ASA 5505 SSH access

asa(config)# hostname azohia

azohia(config)# domain-name company.local

azohia(config)# crypto key generate rsa modulus 1024

azohia(config)# write memory


azohia(config)# username admin password cisco

azohia(config)# aaa authentication ssh console LOCAL

azohia(config)# ssh 192.168.1.0 255.255.255.0 inside

azohia(config)# ssh version 2   ------> Optional and preferred

azohia(config)# ssh timeout 30  ------> Optional



==============================================================


Troubleshooting

azohia# show ssh

Timeout: 5 minutes

Version allowed: 2

192.168.1.0 255.255.255.0 inside


azohia# debug ssh

debug ssh  enabled at level 1


jueves, 9 de octubre de 2014

Config DDNS ON CISCO 871, 877, 887,857 (no-ip)


ip domain lookup ------------> Avilita name resolution

ip name-server 8.8.8.8 ---------> add a DNS server 1º

ip name-server 8.8.4.4 ----------> add a DNS server 2º

ip ddns update method no-ip --> Create a pool with the "no-ip" name

HTTP ------->define the update mode


add http://username:password@dynupdate.no-ip.com/nic/update?hostname=domainname.no-ip.org --->user and password to update DDNS account

interval maximum 0 0 5 0 --->define how often will send the upgrade of public IP

interface fa 4     ------------> enters the WAN interface

ip ddns update hostname midominio.no-ip.org   ---> indicates the domain you must update

ip ddns update no-ip ------>indicates the pool you created earlier






===========================================================

Example DDNS:


ip domain lookup
ip name-server 8.8.8.8
ip name-server 8.8.4.4


ip ddns update method no-ip
HTTP
add http://username:password@dynupdate.no-ip.com/nic/update?hostname=domain.no-ip.org
interval maximum 0 0 5 0

interface fa 4
ip ddns update hostnamedomain.no-ip.org
ip ddns update no-ip


===========================================================

Troubleshooting



terminal monitor
debug ip ddns update


===========================================================

-For this written the "?" e have to write CTRL + V and then enter "?"

-887V equipment as containing adsl modem has to be applied on the interface

-The cisco asa configuration is unfortunately not possible, since HTTP is considered an insecure method
interface Dialer1