You will find a more than a few tutorials on this. Remember “write mem” at the end.
The context of is that this is for our developing lab environment and we have JUST performed a factory reset and have configured the interfaces for it.
interface GigabitEthernet0/0
ip address 203.0.113.1 255.255.255.0
nameif outside
no shutdown
interface GigabitEthernet0/1
ip address 172.16.104.1 255.255.255.0
nameif inside
no shutdownHaving said that. Let’s be about it.
Step 1: define local username
ciscoasa(config)# username admin password l3tm3inNote that the default machine name is “ciscoasa”. Here we have chosen a cheesy username and password. This is for demonstration purposes only.
Step 2: lets Define AAA lists for SSH
aaa authentication ssh console LOCALStep 3: If you desire an alternate host name now is a good time to give the ASA a name.
hostname ciscoasaStep 4: define the domain name suffix.
domain-name sparelab.netStep 5: create the key/certificate for use with SSH
crypto key generate rsa modulus 2048You may seem something like
ciscoasa(config)# crypto key generate rsa modulus 2048
WARNING: You have a RSA keypair already defined named <Default-RSA-Key>.
Do you really want to replace them? [yes/no]: yes
Keypair generation process begin. Please wait...Step 6: Let’s set the version of SSH we are using
ssh version 2Step 7: Now we can tell the ASA which hosts or networks it can expect authorized traffic from. Again this for immediate use in the lab – your exact use might very a little and for security reasons lock this down to a select number of specific hosts (secure) or open it up wider to the enterprise (172.73.255.255)
ssh 172.16.104.0 255.255.255.0 insideStep 8: Let’s write this to memory
ciscoasa# write mem
Building configuration...
Cryptochecksum: ef6e02af f31d2639 4c8c41e6 02ba4d63
2906 bytes copied in 3.190 secs (968 bytes/sec)
[OK]You are now set!
END POST
