Right, it's not a router, but that doesn't stop people from running EIGRP or OSPF, which essentially turns it into one. Right or wrong, I see this all the time in different customer environments...
Of course I have the ability to see things from other people's viewpoints, and so I get what you're saying here. As with all things security, it's a give and take. What I was saying was, when I'm troubleshooting a network from the ASA, there were times this feature would have come in handy. With the arrival of new commands (e.g. tcp ping) the need for such features is a thing of the past, assuming we're running 8.4 and above ;)

-Steve

On Tuesday, February 19, 2013, Piotr Matusiak wrote:

> I agree that it is a complete disaster when someone hacks into the ASA with
> administrator privileges. But most likely someone can get in as an
> unprivileged user, and this is where he/she is looking for an SSH/TELNET client
> to connect to other devices in my network.
> The ASA is not a router, it is a SECURITY device and should be hardened
> properly. One of those hardening features is the lack of ssh/telnet clients.
>
> Regards,
> Piotr
>
> On 2/20/13 12:58 AM, Steve Di Bias wrote:
>
> Assuming someone hacks into your ASA, having an embedded SSH client would
> be the least of your worries
>
> On Tuesday, February 19, 2013, Piotr Matusiak wrote:
>
> This is NOT a missing feature. There is no TELNET/SSH client on purpose.
> I wouldn't like my ASA to become a hop point to the rest of my network if
> someone breaks in.
>
> Regards,
> Piotr
>
> On 2/19/13 10:45 PM, Jimmy Larsson wrote:
>
> That has annoyed me since forever as well...
>
> http://nat0.net/another-missing-asa-feature-telnet-and-ssh-client/
>
> Best regards
> Jimmy
>
> 2013/2/19 cisco 2006 <[email protected]>
>
> ----- Forwarded Message -----
> *From:* cisco 2006 <[email protected]>
> *To:* "[email protected]" <[email protected]>
> *Sent:* Tuesday, 19 February 2013, 20:32
> *Subject:* Fw: SSH session
>
> Dear Sir,
>
> I'm preparing for CCIE Security using IPexpert materials, and I have a
> question about SSH sessions. The question is:
> Can I open SSH from a Cisco ASA to another device, like a switch?
>
> Best Regards,
> Israa

--
Thanks,
Steve Di Bias - CCIE #32840
