Accessing an ASA 8.2.1 0 -AAA

Unanswered Question
Aug 18th, 2009

guys,


the only way I can access my ASA is via SSH. It asks me for username which I put "pix" and for the password, I put the enable password I created.


This however only gets me half way in because it then asks for the enable password. I type the enable password and I get in.


I created the command "aaa authentication ssh console LOCAL" and now as soon as I ssh to the ASA, it won't let me type the default username pix with the default enable password for the password... this is actually good because I am now forced to type the local credentials however when I do that, I am still not getting into privilege mode. I still have to type the enable password.


How can I configure the ASA to have users (with level 15) type their credentials and get directly into privilege mode without the ASA asking them for the enable password???


I don't want to give out the enable password to every admin that needs to access the ASA...


any help will be appreciated




Yudong Wu Tue, 08/18/2009 - 11:39

ASA is not like an IOS box. On an IOS box, you can let a user get into enable mode directly after login. This feature is not available on ASA as far as I know.

insccisco Tue, 08/18/2009 - 11:44

are you sure?


how can you have delegated accounts then on an ASA?


are you then saying that every admin will have to know the enable password?



Yudong Wu Tue, 08/18/2009 - 11:48

As far as I know, it's impossible on ASA.


insccisco Tue, 08/18/2009 - 11:59

it's hard to believe... so how do you properly delegate access to an ASA to a few different administrators?


there has to be a way.

Yudong Wu Tue, 08/18/2009 - 12:08

You can set up enable passwords at different levels.

user pass level <#>


When they log in, they need to use "enable " and the related enable password to log in.
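
An added example, not part of the thread or of any poster's reply: a small audit that reads an ASA running-config excerpt and reports whether SSH login and the `enable` step are tied to individual accounts or to a shared enable password, which is the concern raised in the question. The sample config is constructed, and the `aaa authentication enable console` check and the default levels (2 for a username, 15 for an enable password) are assumptions taken from standard ASA syntax rather than from the thread.

```python
# Added example: audit an ASA config for shared vs per-user admin authentication.
# SAMPLE_CONFIG is constructed for illustration; it is not from the thread.
SAMPLE_CONFIG = """\
enable password CONSTRUCTED1 encrypted
enable password CONSTRUCTED2 level 5 encrypted
username admin1 password CONSTRUCTED3 encrypted privilege 15
username oper1 password CONSTRUCTED4 encrypted privilege 5
aaa authentication ssh console LOCAL
"""


def _level_after(tok, key, start, default):
    """Return the integer that follows `key` in tok[start:], or default."""
    rest = tok[start:]
    if key in rest[:-1]:
        return int(rest[rest.index(key) + 1])
    return default


def audit_asa_admin_access(config_text):
    """Report how SSH login and the enable command are authenticated."""
    users = {}             # local username -> privilege level
    enable_levels = set()  # levels that have a shared enable password
    ssh_auth = enable_auth = None
    for raw in config_text.splitlines():
        tok = raw.split()
        if tok[:1] == ["username"] and "password" in tok:
            # Assumption: a username with no explicit privilege gets level 2.
            users[tok[1]] = _level_after(tok, "privilege", 4, 2)
        elif tok[:2] == ["enable", "password"]:
            # Assumption: an enable password with no level applies to level 15.
            enable_levels.add(_level_after(tok, "level", 3, 15))
        elif tok[:2] == ["aaa", "authentication"] and tok[3:4] == ["console"]:
            if tok[2] == "ssh":
                ssh_auth = tok[4:]
            elif tok[2] == "enable":
                enable_auth = tok[4:]
    findings = []
    if not ssh_auth:
        findings.append("ssh: no 'aaa authentication ssh console', "
                        "so SSH logins are not tied to individual accounts")
    if not enable_auth:
        findings.append("enable: no 'aaa authentication enable console', so level(s) "
                        f"{sorted(enable_levels)} are entered with a shared enable password")
    return {"users": users, "enable_levels": sorted(enable_levels),
            "ssh_auth": ssh_auth, "enable_auth": enable_auth, "findings": findings}
```

On the constructed sample it reports one finding: SSH login uses local accounts, but levels 5 and 15 are still reached with enable passwords that every admin at that level has to know.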


