EasyManuals Logo
Home>Cisco>Firewall>FirePOWER ASA 5500 series

Cisco FirePOWER ASA 5500 series User Manual

Cisco FirePOWER ASA 5500 series
989 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #770 background imageLoading...
Page #770 background image
40-2
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 40 Managing System Access
Allowing SSH Access
Set the timeout from 1 to 1440 minutes. The default is 5 minutes. The default duration is too short in
most cases and should be increased until all pre-production testing and troubleshooting has been
completed.
For example, to let a host on the inside interface with an address of 192.168.1.2 access the security
appliance, enter the following command:
hostname(config)# telnet 192.168.1.2 255.255.255.255 inside
hostname(config)# telnet timeout 30
To allow all users on the 192.168.3.0 network to access the security appliance on the inside interface,
enter the following command:
hostname(config)# telnet 192.168.3.0 255.255.255.0 inside
Allowing SSH Access
The security appliance allows SSH connections to the security appliance for management purposes. The
security appliance allows a maximum of 5 concurrent SSH connections per context, if available, with a
maximum of 100 connections divided between all contexts.
SSH is an application running on top of a reliable transport layer, such as TCP/IP, that provides strong
authentication and encryption capabilities. The security appliance supports the SSH remote shell
functionality provided in SSH Versions 1 and 2 and supports DES and 3DES ciphers.
Note XML management over SSL and SSH are not supported.
This section includes the following topics:
• Configuring SSH Access, page 40-2
• Using an SSH Client, page 40-3
Configuring SSH Access
To configure SSH access to the security appliance, follow these steps:
Step 1 To generate an RSA key pair, which is required for SSH, enter the following command:
hostname(config)# crypto key generate rsa modulus modulus_size
The modulus (in bits) is 512, 768, 1024, or 2048. The larger the key modulus size you specify, the longer
it takes to generate an RSA. We recommend a value of 1024.
Step 2 To save the RSA keys to persistent Flash memory, enter the following command:
hostname(config)# write mem
Step 3 To identify the IP addresses from which the security appliance accepts connections, enter the following
command for each address or subnet:
hostname(config)# ssh source_IP_address mask source_interface

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco FirePOWER ASA 5500 series and is the answer not in the manual?

Cisco FirePOWER ASA 5500 series Specifications

General IconGeneral
BrandCisco
ModelFirePOWER ASA 5500 series
CategoryFirewall
LanguageEnglish

Related product manuals