We have an ASA with software 7.2.4 configured for AAA on ACS v4.2.
The configuration is as follows:
aaa-server TAC protocol tacacs+
aaa-server TAC (mgmt) host 192.168.1.11
aaa-server RAD protocol radius
aaa-server RAD (mgmt) host 192.168.1.11
aaa authentication http console RAD LOCAL
aaa authentication serial console RAD LOCAL
aaa authentication ssh console RAD LOCAL
aaa authentication enable console TAC LOCAL
aaa authorization command TAC LOCAL
aaa accounting ssh console TAC
aaa accounting command TAC
Everything is working fine except access to privileged mode while connecting over the console port. Console port authentication is working OK.
Because of multiple contexts, after logging in we enter the system context.
After issuing the "enable" command, the ASA accepts only the configured enable secret in the system context and changes the user ID to enable_15, so we are unable to do user-level command authorization and accounting.
It seems that the ASA in the system context is not aware of any AAA configuration, and there isn't any command to configure AAA in the system context.
Is there any way to configure enable authentication over AAA in the system context?
Thanks in advance!