{"id":1199,"date":"2016-05-30T15:46:04","date_gmt":"2016-05-30T14:46:04","guid":{"rendered":"http:\/\/diablo.craem.net\/?p=1199"},"modified":"2016-05-30T15:46:04","modified_gmt":"2016-05-30T14:46:04","slug":"cisco-asa-8-2-to-9-x-migrando-parte-4","status":"publish","type":"post","link":"https:\/\/diablo.craem.net\/?p=1199","title":{"rendered":"Cisco ASA 8.2 to 9.x :: migrando :: parte 4"},"content":{"rendered":"

Seguimos migrando….
\nAhora toca a\u00f1adir ssh para acceder a la config desde el exterior… los pasos:
\n
\nasa(config)#username pix password password privilege 15
\nasa(config)#aaa authentication ssh console LOCAL
\nasa(config)#crypto key generate rsa
\nWARNING: You have a RSA keypair already defined named .
\nDo you really want to replace them? [yes\/no]: yes
\nKeypair generation process begin. Please wait...
\nasa(config)#ssh 1.1.1.0 255.255.255.0 outside
\n<\/code>
\nY ahora ordenamos los nats….. en las configs anteriores no estaba del todo claro:
\nsuponemos que tenemos los servers siguientes:
\nserver11, server12 y server13 y hemos de abrir varios puertos con cada uno de ellos:
\n
\nobject network srv-192.168.0.13_3389
\n host 192.168.0.13
\n description server13_3389
\nobject network srv-192.168.0.12_21
\n host 192.168.0.12
\n description server12_21
\nobject network srv-192.168.0.12_20
\n host 192.168.0.12
\n description server12_20
\nobject network srv-192.168.0.12_20_udp
\n host 192.168.0.12
\n description server12_20
\nobject network srv-192.168.0.11_80
\n host 192.168.0.11
\n description server11_80
\nobject network srv-192.168.0.11_443
\n host 192.168.0.11
\n description server11_443
\nobject network srv-192.168.0.11_110
\n host 192.168.0.11
\n description server11_110
\nobject network srv-192.168.0.11_143
\n host 192.168.0.11
\n description server11_143
\nobject network srv-192.168.0.11_587
\n host 192.168.0.11
\n description server11_587
\naccess-list outside_in extended permit tcp any object server13 eq 444
\naccess-list outside_in extended permit tcp any object server13 eq 3389
\naccess-list outside_in extended permit tcp any object server12 eq ftp
\naccess-list outside_in extended permit tcp any object server12 eq ftp-data
\naccess-list outside_in extended permit udp any object server12 eq 20
\naccess-list outside_in extended permit tcp any object server11 eq www
\naccess-list outside_in extended permit tcp any object server11 eq httpss
\naccess-list outside_in extended permit tcp any object server11 eq pop3
\naccess-list outside_in extended permit tcp any object server11 eq imap4
\naccess-list outside_in extended permit tcp any object server11 eq 587
\nobject network srv-192.168.0.13_444
\n nat (inside,outside) static interface service tcp 444 444
\nobject network srv-192.168.0.13_3389
\n nat (inside,outside) static interface service tcp 3389 3389
\nobject network srv-192.168.0.12_21
\n nat (inside,outside) static interface service tcp ftp ftp
\nobject network srv-192.168.0.12_20
\n nat (inside,outside) static interface service tcp ftp-data ftp-data
\nobject network srv-192.168.0.12_20_udp
\n nat (inside,outside) static interface service tcp ftp-data ftp-data
\nobject network srv-192.168.0.11_80
\n nat (inside,outside) static interface service tcp www www
\nobject network srv-192.168.0.11_443
\n nat (inside,outside) static interface service tcp httpss httpss
\nobject network srv-192.168.0.11_110
\n nat (inside,outside) static interface service tcp pop3 pop3
\nobject network srv-192.168.0.11_143
\n nat (inside,outside) static interface service tcp imap4 imap4
\naccess-group outside_in in interface outside
\n<\/code>
\nEs bastante m\u00e1s engorroso, pero supongo que tendr\u00e1 una explicaci\u00f3n \ud83d\ude09<\/p>\n","protected":false},"excerpt":{"rendered":"

Seguimos migrando…. Ahora toca a\u00f1adir ssh para acceder a la config desde el exterior… los pasos: asa(config)#username pix password password privilege 15 asa(config)#aaa authentication ssh console LOCAL asa(config)#crypto key generate rsa WARNING: You have a RSA keypair already defined named . Do you really want to replace them? [yes\/no]: yes Keypair generation process begin. Please […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[13,25,41],"class_list":["post-1199","post","type-post","status-publish","format-standard","hentry","category-cisco","tag-9-x","tag-asa","tag-cisco"],"_links":{"self":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/1199","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1199"}],"version-history":[{"count":0,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/1199\/revisions"}],"wp:attachment":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1199"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1199"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1199"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}