Cisco FirePOWER ASA 5500 series User Manual
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 40 Managing System Access
The security appliance accepts SSH connections from all interfaces, including the one with the lowest
security level.
Step 4 (Optional) To set the duration for how long an SSH session can be idle before the security appliance
disconnects the session, enter the following command:
hostname(config)# ssh timeout minutes
Set the timeout from 1 to 60 minutes. The default is 5 minutes. The default duration is too short in most
cases and should be increased until all pre-production testing and troubleshooting has been completed.
For example, to generate RSA keys and let a host on the inside interface with an address of 192.168.1.2
access the security appliance, enter the following commands:
hostname(config)# crypto key generate rsa modulus 1024
hostname(config)# write mem
hostname(config)# ssh 192.168.1.2 255.255.255.255 inside
hostname(config)# ssh timeout 30
To allow all users on the 192.168.3.0 network to access the security appliance on the inside interface,
enter the following command:
hostname(config)# ssh 192.168.3.0 255.255.255.0 inside
By default SSH allows both version one and version two. To specify the version number enter the
following command:
hostname(config)# ssh version version_number
The version_number can be 1 or 2.
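The following audit sketch is an added example, not part of the Cisco guide. It reads the ssh lines of a saved configuration and reports the effective timeout and version, using the defaults stated above, along with any source entries that fall outside local policy. The sample configuration, the function name audit_ssh, and the mgmt_interfaces and min_prefix policy parameters are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample of ssh lines from a saved configuration (not from the manual).
SAMPLE_CONFIG = """\
ssh 192.168.1.2 255.255.255.255 inside
ssh 192.168.3.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 30
"""

ALLOW_RE = re.compile(r"^ssh\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")
SETTING_RE = re.compile(r"^ssh\s+(timeout|version)\s+(\d+)$")


def audit_ssh(config, mgmt_interfaces=("inside",), min_prefix=24):
    """Return (effective_settings, findings) for the ssh lines in `config`.

    mgmt_interfaces and min_prefix are local policy choices (assumptions).
    """
    # Defaults per the manual: 5 minute timeout, versions 1 and 2 both allowed.
    settings = {"timeout": 5, "version": None}
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        m = SETTING_RE.match(line)
        if m:
            settings[m.group(1)] = int(m.group(2))
            continue
        m = ALLOW_RE.match(line)
        if not m:
            continue  # not an ssh source entry
        addr, mask, iface = m.groups()
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            findings.append(f"unparseable ssh source: {line}")
            continue
        if iface not in mgmt_interfaces:
            findings.append(f"ssh permitted on non-management interface {iface}: {net}")
        if net.prefixlen < min_prefix:
            findings.append(f"ssh source {net} on {iface} is broader than /{min_prefix}")
    if settings["version"] != 2:
        findings.append("ssh version 2 not set: SSH version 1 is still accepted")
    if not 1 <= settings["timeout"] <= 60:
        findings.append(f"ssh timeout {settings['timeout']} is outside the 1-60 minute range")
    return settings, findings
```
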
Using an SSH Client
To gain access to the security appliance console using SSH, at the SSH client enter the username pix and
enter the login password set by the password command (see the “Changing the Login Password” section
on page 8-1).
When starting an SSH session, a dot (.) displays on the security appliance console before the SSH user
authentication prompt appears, as follows:
hostname(config)# .
The display of the dot does not affect the functionality of SSH. The dot appears at the console when
generating a server key or decrypting a message using private keys during SSH key exchange before user
authentication occurs. These tasks can take up to two minutes or longer. The dot is a progress indicator
that verifies that the security appliance is busy and has not hung.
Allowing HTTPS Access for ASDM
To use ASDM, you need to enable the HTTPS server, and allow HTTPS connections to the security
appliance. All of these tasks are completed if you use the setup command. This section describes how
to manually configure ASDM access.
The security appliance allows a maximum of 5 concurrent ASDM instances per context, if available,
with a maximum of 32 ASDM instances between all contexts.
