Accessing an ASA 8.2.1 0 -AAA

Unanswered Question
Aug 18th, 2009


the only way I can access my ASA is via SSH. It asks me for username which I put "pix" and for the password, I put the enable password I created.

This however only gets me half way in because it then asks for the enable password. I type the enable password and I get in.

I created the command "aaa authentication ssh console LOCAL" and now as soon as I ssh to the ASA, it won't let me type the default username pix with the default enable password for the password... this is actually good because I am now forced to type the local credentials however when I do that, I am still not getting into privelele mode. I still have to type the enable password.

How can I configure the ASA to have user's (with level 15) type their credentials and get directly into privilege mode without the ASA asking them for the enable password???

I don't want give out the enable password to every admin that needs to access the ASA...

any help will be appreciated

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Yudong Wu Tue, 08/18/2009 - 11:39

ASA is not like IOS box. In IOS box, you can let user get into enable mode directly after login. This feature is not available on ASA as far as I know.

insccisco Tue, 08/18/2009 - 11:44

are you sure?

how can you have delegated accounts then on an ASA?

are you then saying that every admin will have to know the enable password?

insccisco Tue, 08/18/2009 - 11:59

it's hard to beleive... so how do you properly delegate access to an ASA to few different administrators?

there has to be a way.

Yudong Wu Tue, 08/18/2009 - 12:08

you can setup enable password in different levels.

user pass level <#>

When they login, they need use "enable " and related enable password to login.


This Discussion