Need two different passwords for login

Jan 28th, 2008

I need the PIX to emulate routers/switches. I can have a separate password that gives me telnet access and a separate password that gives privExec access.

How can I do this with the ASA/PIX? Sorry, don't have TACACS. Need the enable15 password to be a separate password.

Looking for defense-in-depth for passwords on the PIX.

Now, if a user is level 15, the password used to SSH or Web into the PIX/ASA is the same password used to get into privExec "#" mode.

A router/switch doesn't have this issue: if you don't know the enable password, it's not possible to configure the equipment.

Suggestions?

ajagadee Mon, 01/28/2008 - 09:30

What version are you running on the PIX and ASA? I have enclosed URLs that explain what you want to do for both versions. I hope you find them useful.

Please refer to the URLs below for details:

PIX 6.2:

http://www.cisco.com/warp/public/110/pix_command.shtml

PIX/ASA 7.0 and higher:

Follow the link, which discusses different privilege levels for different users using the local database. Even though this example is for the fallback method, you can just follow the configuration guidelines and make sure that when you configure the AAA commands, you just use Local.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml#configure-database

Regards,

Arul

** Please rate all helpful posts **

dmooreami Mon, 01/28/2008 - 09:40

Thanks, but those links don't answer the question. Running 6.3x and 7.x OS on ASAs and PIXes.

Can I log in with a username/password at Level 1 access, then use another username/password to get to Level 15 enable mode?

I don't want the level 15 username/password to go directly to enable mode or have enable access. I.e., I have to telnet into a switch with a specific line password. Then I have to know the "enable" password on the switch before I can config it. Want the same on the PIX.

From what I can tell, if a username/pass is set for level 15 access, using the same password for level 1 access also brings the user into level 15 access.

dmooreami Mon, 01/28/2008 - 11:16

TAC informs me that Level 15 is required for the GUI. It is not possible to have a level 1 then level 15 for the GUI as you can with the CLI.
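
Added example, not part of the thread or of Cisco's documentation: a Python check over a PIX/ASA configuration that reports whether the CLI path asks for two different secrets (a per-user login via `aaa authentication ... console LOCAL`, then the shared `enable password`) or re-checks the user's own password because `aaa authentication enable console LOCAL` is present. The sample config, usernames and function name are constructed, and the enable behaviour it encodes is an assumption based on standard ASA local AAA semantics; the GUI finding follows the TAC statement quoted in the thread.

```python
import re

# Constructed ASA 7.x-style config for illustration; names and secrets are placeholders.
SAMPLE_CONFIG = """\
enable password ENABLE-HASH-PLACEHOLDER encrypted
username netops password HASH-PLACEHOLDER-1 encrypted privilege 1
username asdmadmin password HASH-PLACEHOLDER-2 encrypted privilege 15
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authentication http console LOCAL
"""

def audit_password_separation(config: str) -> dict:
    """Report whether CLI login and enable mode use different secrets."""
    users = {}             # username -> explicit privilege level (None if not stated)
    local_logins = set()   # access methods authenticated against LOCAL
    enable_uses_local = False
    enable_password_set = False
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"username (\S+) password \S+", line)
        if m:
            priv = re.search(r"\bprivilege (\d+)\b", line)
            users[m.group(1)] = int(priv.group(1)) if priv else None
            continue
        m = re.match(r"aaa authentication (\S+) console LOCAL\b", line)
        if m:
            if m.group(1) == "enable":
                enable_uses_local = True   # enable re-checks the user's own password
            else:
                local_logins.add(m.group(1))
            continue
        if line.startswith("enable password "):
            enable_password_set = True
    cli = local_logins & {"ssh", "telnet", "serial"}
    return {
        "cli_login_methods": sorted(cli),
        "enable_source": "user password" if enable_uses_local else "enable password",
        # Two secrets on the CLI: a per-user login plus the shared enable password.
        "two_passwords_on_cli": bool(cli) and enable_password_set and not enable_uses_local,
        # Per the thread, ASDM needs level 15, so these accounts use one password there.
        "single_password_gui_users": sorted(
            u for u, p in users.items() if p == 15) if "http" in local_logins else [],
    }

if __name__ == "__main__":
    for key, value in audit_password_separation(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```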
