Ssh
如何在 ASA 9.1 上啟用 SSH 連結本地地址?
我有一個 Cisco ASA 5510,
9.1(7)16在 IPv6 LAN 上執行 ASA 軟體版本。我想啟用 SSH 訪問,但我遇到了以下警告:
ciscoasa(config)# show ipv6 interface management IPv6 is enabled, link-local address is fe80::21d:a2ff:fe59:4b97 No global unicast address is configured Joined group address(es): ff02::2 ff02::1 ff02::1:ff59:4b97 ICMP error messages limited to one every 100 milliseconds ICMP redirects are enabled ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND advertised reachable time is 0 milliseconds ND advertised retransmit interval is 1000 milliseconds ND router advertisements are sent every 200 seconds ND router advertisements live for 1800 seconds Hosts use stateless autoconfig for addresses. ciscoasa(config)# ssh fe80::/64 management WARNING! This command will not take effect until interface 'management' has been initialized with at least one global IPv6 address ciscoasa(config)#(到此地址的 SSH 連接失敗,儘管當我配置和測試 IPv4 地址時,它能夠連接)
所以,我的問題是:我需要做什麼才能允許 SSH 連接到我的 ASA 5510 的鏈路本地 IPv6 地址?
我不在乎是否必須在“僅文件”IPv6 範圍內設置一個虛擬地址以使其啟動 SSH IPv6 堆棧,或者靜態分配連結本地地址,或者什麼:我只需要以便能夠在與此環境中的其餘設備相同的子網上訪問它。
- 希望顯然,需要為 IPv6 啟用介面
ipv6 enable
- 需要在介面上配置靜態 IPv6 地址,該靜態地址可以是文件(rfc3849)地址,也可以是靜態分配的鏈路本地地址,也可以是公共地址(即使不可公開路由)
ipv6 address 2001:db8::/32