bingotrio.blogg.se

How to configure security on a Cisco ASA 5505

Software: Cisco Adaptive Security Appliance (ASA)
Platform: Cisco ASA 5505, 5500, 5525

Description:

A security context is a virtual instance of a firewall; contexts are separated from each other by default. A physical ASA appliance is divided into contexts, creating many virtual firewalls. In typical implementations, contexts are mapped into VLANs or VRFs to the rest of the network. Context mode can use classes to allocate resources for particular contexts. For example, an allocation can set the default class limit for maximum connections to 10 percent instead of unlimited, and allow 5 site-to-site VPN tunnels with 2 tunnels allowed for VPN burst.

To support multi-context mode, the ASA needs to be configured in multiple mode.

To configure the contexts and classes of the firewall, use the commands below:

copy disk0:old_running.cfg startup-config

# Example of default class limit for conns to 10 percent and allow 5 site-to-site VPN
Hostname(config-class)# limit-resource conns 10%
Hostname(config-class)# limit-resource vpn other 5
Hostname(config-class)# limit-resource vpn burst other 2

# Example of gold class limit for conns to 15 percent and allow 10 site-to-site VPN
Hostname(config-class)# limit-resource mac-addresses 10000
Hostname(config-class)# limit-resource conns 15%
Hostname(config-class)# limit-resource rate conns 1000
Hostname(config-class)# limit-resource rate inspects 500
Hostname(config-class)# limit-resource hosts 9000
Hostname(config-class)# limit-resource asdm 5
Hostname(config-class)# limit-resource ssh 5
Hostname(config-class)# limit-resource rate syslogs 5000
Hostname(config-class)# limit-resource telnet 5
Hostname(config-class)# limit-resource xlates 36000
Hostname(config-class)# limit-resource routes 5000
Hostname(config-class)# limit-resource vpn other 10
Hostname(config-class)# limit-resource vpn burst other 5

To create a context and change between contexts:

Hostname(config)# admin-context administrator
Hostname(config-ctx)# allocate-interface gigabitethernet0/0.1
Hostname(config-ctx)# allocate-interface gigabitethernet0/1.1
Hostname(config-ctx)# config-url disk0:/admin.cfg
Hostname(config-ctx)# allocate-interface gigabitethernet0/0.100 int1
Hostname(config-ctx)# allocate-interface gigabitethernet0/0.102 int2
Hostname(config-ctx)# allocate-interface gigabitethernet0/0.110-gigabitethernet0/0.115 int3-int8
Hostname(config-ctx)# allocate-interface gigabitethernet0/1.200 int1
Hostname(config-ctx)# allocate-interface gigabitethernet0/1.212 int2
Hostname(config-ctx)# allocate-interface gigabitethernet0/1.230-gigabitethernet0/1.

Cisco 1841 2.bin
Cat 2960

I can SSH from the internet to my ASA on default port 22, directly to my public IP. I can SSH from the internet to my Cisco 1841 on port 2001. From what I can tell, on the Cat2960 I can't change the default port 22 for SSH to a different port, just like I did on the Cisco 1841. I looked to see if I can change the default port for SSH on the ASA, it does not look like this is an option.

The bottom line is that I want to be able to SSH to all three devices from the internet. As of now, what I can do is only SSH to the ASA on default port 22 directly to the public IP and Cisco 1841 on port 2001. It appears that changing the default SSH port on Cat 2960 is not an option. It also appears that I can't change the default SSH port on the ASA, if I could, I would and then I should be able to SSH to the Cat 2960 on port 22. No matter what I did on the ASA, it always listens on port 22 for SSH connections. How do I make it listen on a different port?

Here is the relevant config for SSH for Cisco 1841 (port forwarding):

access-list ALLOW_FROM_OUTSIDE extended permit tcp any object ROUTER eq 2001
nat (inside,outside) static interface service tcp 2001 2001
access-group ALLOW_FROM_OUTSIDE in interface outside

Hey there and thanks for your suggestions. Here is what I currently have configured and I'm able to access my Cat2960 from the Internet via SSH:

access-list ALLOW_FROM_OUTSIDE extended permit tcp any object SWITCH eq ssh













