Router-On-A-Stick

September 21st, 2005 No comments

Configure the link between SW2 and R6 as an 802.1q trunk link. Using the subinterfaces listed in the diagram configure R6 to route traffic for both VLANs 67 and 146 on its Ethernet link.

SW2(config)#vlan 67,146
SW2(config)#int Fa 0/6
SW2(config-if)#switchport trunk encapsulation dot1q 
SW2(config-if)#switchport mode  trunk 
SW2(config-if)#end

R6(config)#int Fa 1/0.67
R6(config-subif)#encapsulation dot1Q 67
R6(config-subif)#ip address 155.1.67.6 255.255.255.0
R6(config-subif)#exit
R6(config)#int Fa 1/0.146                     
R6(config-subif)#encapsulation dot1Q 146            
R6(config-subif)#ip address 155.1.146.6 255.255.255.0
R6(config-subif)#exit
R6(config)#end

Verify that R6 has reachability to devices both on VLAN 67 and 146.

Categories: Uncategorized Tags:

Enabling ssh on a Cisco ASA

August 20th, 2005 No comments

Created a local user name and password and enable ssh:

username romeo password Cisco123!
ssh 10.10.1.0 255.255.255.0 outside

 

Enabled ssh debugging with the command “debug ssh” and received the following debug

ASA# Device ssh opened successfully.
SSH0: SSH client: IP = '10.10.1.27'  interface # = 1
SSH: unable to retrieve default host public key.  Please create a defauth RSA key pair before using SSH
SSH0: Session disconnected by SSH server - error 0x00 "Internal error"
ASA#

 

Issued the following command to generate a key:

ASA(config)# crypto key generate rsa
INFO: The name for the keys will be: <Default-RSA-Key>
Keypair generation process begin. Please wait...
ASA(config)#

 

Got a connection with the following debugging lines:

Device ssh opened successfully.
SSH0: SSH client: IP = '10.10.1.27'  interface # = 1
SSH: host key initialised
SSH: license supports 3DES: 2
SSH: license supports DES: 2
SSH0: starting SSH control process
SSH0: Exchanging versions - SSH-1.99-Cisco-1.25
SSH0: send SSH message: outdata is NULL
server version string:SSH-1.99-Cisco-1.25SSH0: receive SSH message: 83 (83)
SSH0: client version is - SSH-2.0-PuTTY_Release_0.60
client version string:SSH-2.0-PuTTY_Release_0.60SSH0: begin server key generation
SSH0: complete server key generation, elapsed time = 3030 ms
SSH2 0: SSH2_MSG_KEXINIT sent
SSH2 0: SSH2_MSG_KEXINIT received
SSH2: kex: client->server aes256-cbc hmac-sha1 none
SSH2: kex: server->client aes256-cbc hmac-sha1 none
SSH2 0: expecting SSH2_MSG_KEXDH_INIT
SSH2 0: SSH2_MSG_KEXDH_INIT received
SSH2 0: signature length 143
SSH2: kex_derive_keys complete
SSH2 0: newkeys: mode 1
SSH2 0: SSH2_MSG_NEWKEYS sent
SSH2 0: waiting for SSH2_MSG_NEWKEYS
SSH2 0: newkeys: mode 0
SSH2 0: SSH2_MSG_NEWKEYS received

 

Typed in an existing username / password that is on the ASA already, got access denied. Debugging shows:

SSH(romeo): user authen method is 'no AAA', aaa server group ID = 0
SSH2 0: authentication failed for romeo

 

AAA method setup

ASA(config)# aaa authentication ssh console LOCAL

 

Login successfully. Here is the debug log for a successful connection:

SSH(romeo): user authen method is 'use AAA', aaa server group ID = 1
SSH2 0: authentication successful for romeo
SSH2 0: channel open request
SSH2 0: pty-req request
SSH2 0: requested tty: xterm, height 24, width 80
SSH2 0: shell request
SSH2 0: shell message received

 

Enabling SSH on Cisco PIX 6.3

February 15th, 2005 No comments

To enable SSH on Cisco PIX 6.3;

Clear all RSA keys. Remove any existing keys from the database with the command:

ca zeroize rsa

Assign a host name

hostname CISCOTALK-AUS-PIX

Assigning a domain name

domain testlab.local

Generate the RSA key

ca generate rsa key 512

Save the RSA key

ca save all

Enable SSH

ssh 8.8.8.0 255.255.255.0 outside

Welcome to Innovative Technologies blog

June 30th, 2004 No comments

Hello and welcome to Innovative Technologies Blog!

Categories: IT Tags:
error: Content is protected !!