Authentication on ASA

Unanswered Question
May 13th, 2009

I have a customer whom is currently using TACACS to authenticate incoming Admin session requests to the ASA appliance. Currently is uses TACACS and prompts for a username and password when you SSH to the box. Once authenticated, and then to enter priveleged EXEC mode after issuing the >enable command, the user will enter his/her password again to go to PRIV EXEC mode.

We want to change this scenario a bit. We still want the ASA to query the TACACS server to validate the user. But thereafter we want to use the LOCAL enable password on the ASA as the password to be referenced for PRIV EXEC mode.

What command will tell the ASA to reference the enable password, and not use TACACS?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Kevin Melton Wed, 05/13/2009 - 12:00

Can you point me to where this is on the ACS box? And what version of ACS are you running. We were looking for this option on the ACS box and to this point unable to find it.


Alexei_Popik Wed, 06/10/2009 - 09:15

Hello. I'd like to join your conversation, because I have same problem.

I configure 'Use separate password', and now this password used for enable command. By the question was how to configure for using 'enable password' in Asa configuration? Or I need to configure 'Asa enable password' for all user accounts in ACS database as 'separate password' line?

Collin Clark Wed, 06/10/2009 - 10:32

Good question. I could not get it to work other than your suggestion of configure 'Asa enable password' for all user accounts in ACS database as 'separate password' line Thaat actually makes sense since the ASA is using AAA authentication and the enable password is local.

Alexei_Popik Thu, 06/11/2009 - 00:47

Thanks. One more question.

Is it possible login to Asa direct to priv. 15?

It worked with routers, but not with Asa.

Kevin Melton Mon, 06/15/2009 - 05:59


I appreciate your input on this to this point.

I am still having difficulty locating the screen from your screen shot. Is there a chance that you could provide the exact path.

I did not see it at the path "Administration Control>Administrators>(username) which is where I thought it would be.

Thanks again

Collin Clark Mon, 06/15/2009 - 06:08


>User Setup>[USERNAME]

It's under the properties of the individual user.


This Discussion