
Sunday, October 12, 2014

How to configure Cisco ASA 5505 SSH access

asa(config)# hostname azohia

azohia(config)# domain-name company.local

azohia(config)# crypto key generate rsa modulus 1024

azohia(config)# write memory


azohia(config)# username admin password cisco

azohia(config)# aaa authentication ssh console LOCAL

azohia(config)# ssh 192.168.1.0 255.255.255.0 inside

azohia(config)# ssh version 2   ------> Optional and preferred

azohia(config)# ssh timeout 30  ------> Optional



==============================================================


Troubleshooting

azohia# show ssh

Timeout: 5 minutes

Version allowed: 2

192.168.1.0 255.255.255.0 inside


azohia# debug ssh

debug ssh  enabled at level 1
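
The two values in the commands above that a configuration review would flag are the 1024-bit RSA modulus and the password "cisco". The following is an added example, not part of the original post: a small Python check over such a command list. The 2048-bit floor, the password deny-list, the treatment of the "outside" interface and the finding names are assumptions of the example.

```python
import ipaddress
import re

# Constructed sample: the commands from the post above, prompts removed.
SAMPLE_COMMANDS = """\
crypto key generate rsa modulus 1024
username admin password cisco
aaa authentication ssh console LOCAL
ssh 192.168.1.0 255.255.255.0 inside
ssh version 2
ssh timeout 30
"""

MIN_RSA_BITS = 2048                              # assumption: local policy floor
WEAK_PASSWORDS = {"cisco", "admin", "password"}  # assumption: tiny deny-list


def audit_asa_ssh(commands):
    """Return a list of findings for an ASA SSH command list."""
    findings = []
    seen = set()
    for raw in commands.splitlines():
        line = raw.strip()
        seen.add(line)
        m = re.match(r"crypto key generate rsa modulus (\d+)$", line)
        if m and int(m.group(1)) < MIN_RSA_BITS:
            findings.append(f"weak-rsa-key: {m.group(1)} bits")
        m = re.match(r"username (\S+) password (\S+)", line)
        if m and m.group(2).lower() in WEAK_PASSWORDS:
            findings.append(f"weak-password: user {m.group(1)}")
        # "ssh <network> <mask> <interface>" defines who may connect.
        m = re.match(r"ssh (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3}) (\S+)$", line)
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            # Assumption: any-source rules and SSH on "outside" are reported.
            if net.prefixlen == 0 or m.group(3) == "outside":
                findings.append(f"broad-ssh-source: {net} on {m.group(3)}")
    # Settings whose absence matters.
    if "ssh version 2" not in seen:
        findings.append("ssh-version-not-pinned")
    if "aaa authentication ssh console LOCAL" not in seen:
        findings.append("ssh-aaa-missing")
    return findings


if __name__ == "__main__":
    for finding in audit_asa_ssh(SAMPLE_COMMANDS):
        print(finding)
```
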


Thursday, October 9, 2014

Configuring DDNS on Cisco 871, 877, 887, 857 (no-ip)


ip domain lookup ------------> enables name resolution

ip name-server 8.8.8.8 ---------> adds the 1st DNS server

ip name-server 8.8.4.4 ----------> adds the 2nd DNS server

ip ddns update method no-ip --> creates an update method named "no-ip"

HTTP -------> defines the update mode


add http://username:password@dynupdate.no-ip.com/nic/update?hostname=domainname.no-ip.org ---> user and password used to update the DDNS account

interval maximum 0 0 5 0 ---> defines how often the public IP update is sent

interface fa 4     ------------> enters the WAN interface

ip ddns update hostname midominio.no-ip.org   ---> indicates the domain to update

ip ddns update no-ip ------> indicates the update method you created earlier






===========================================================

Example DDNS:


ip domain lookup
ip name-server 8.8.8.8
ip name-server 8.8.4.4


ip ddns update method no-ip
HTTP
add http://username:password@dynupdate.no-ip.com/nic/update?hostname=domain.no-ip.org
interval maximum 0 0 5 0

interface fa 4
ip ddns update hostname domain.no-ip.org
ip ddns update no-ip


===========================================================

Troubleshooting



terminal monitor
debug ip ddns update


===========================================================

-To type the "?" in the update URL, press CTRL + V and then enter "?"

-On 887V equipment, which contains an ADSL modem, the DDNS commands have to be applied on the interface
interface Dialer1

-Unfortunately, this configuration is not possible on the Cisco ASA, since HTTP is considered an insecure method

Saturday, September 20, 2014

Basic ASA 5505 configuration


IP addressing

interface Vlan1                                          
 nameif inside                                            
 security-level 100                  
 ip address 192.168.20.1 255.255.255.0

interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute

interface Ethernet0/0
 switchport access vlan 2
 no shutdown

interface Ethernet0/1
 switchport access vlan 1
 no shutdown

Dynamic NAT / PAT Overload (ios 8.3 or later)


object network NAT
 subnet 0.0.0.0 0.0.0.0
 nat (inside,outside) dynamic interface



Enable DHCP

dhcpd dns 8.8.8.8
dhcpd address 192.168.20.5-192.168.20.100 inside
dhcpd enable inside


Enable ASDM access

Preconfigure:
interface ethernet 0/1
nameif inside

configure:
username admin password cisco privilege 15
http server enable
aaa authentication http console LOCAL
http 192.168.20.0 255.255.255.0 inside
asdm image flash:/asdm-721.bin





Requirements for ASDM:
http://www.cisco.com/c/en/us/td/docs/security/asdm/7_1/release/notes/rn71.html