Help to configure "AAA authenticate console command" on ASA?

whiteford · ‎07-28-2008

Hi,

I have just created a local account on the ASA with zero priviledge. On the ASDM it says for No ASDM, SSH, Telnet or console access I must configure the AAA authenticate console command.

What/where is this?

sadbulali · ‎08-01-2008

To enable authentication service for access to the security appliance console over an SSH, HTTP, or Telnet connection or from the Console connector on the security appliance, use the aaa authentication console command in global configuration mode. This command also lets you enable access to privileged EXEC mode. To disable this authentication service, use the no form of this command.

whiteford · ‎08-01-2008

What command would it be?

I just need to create a local user with priviledge 0 level and most important doesn't have access to the ASDM, SSH, Telnet, Serial.

robertson.michael · ‎08-02-2008

Hi,

I'm not exactly sure what you are trying to accomplish, but to configure this command you would use the following syntax:

ASA(config)# aaa authentication console LOCAL

You'll want to fill in to be one of the following, depending on what access you are trying to authenticate via the local user database (you can configure more than one of these on separate lines):

enable - for privileged EXEC mode

http - for ASDM

serial - for console access

ssh - for SSH

telnet - for Telnet

Also, here is a link to the command reference for this command:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/a1.html#wp1517714

Hope that helps.

-Mike