Accessing an ASA 8.2.1 0 -AAA

Unanswered Question
Aug 18th, 2009

guys,


the only way I can access my ASA is via SSH. It asks me for username which I put "pix" and for the password, I put the enable password I created.


This however only gets me half way in because it then asks for the enable password. I type the enable password and I get in.


I created the command "aaa authentication ssh console LOCAL" and now as soon as I ssh to the ASA, it won't let me type the default username pix with the default enable password for the password... this is actually good because I am now forced to type the local credentials however when I do that, I am still not getting into privelele mode. I still have to type the enable password.


How can I configure the ASA to have user's (with level 15) type their credentials and get directly into privilege mode without the ASA asking them for the enable password???


I don't want give out the enable password to every admin that needs to access the ASA...


any help will be appreciated




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Yudong Wu Tue, 08/18/2009 - 11:39

ASA is not like IOS box. In IOS box, you can let user get into enable mode directly after login. This feature is not available on ASA as far as I know.

insccisco Tue, 08/18/2009 - 11:44

are you sure?


how can you have delegated accounts then on an ASA?


are you then saying that every admin will have to know the enable password?



insccisco Tue, 08/18/2009 - 11:59

it's hard to beleive... so how do you properly delegate access to an ASA to few different administrators?


there has to be a way.

Yudong Wu Tue, 08/18/2009 - 12:08

you can setup enable password in different levels.

user pass level <#>


When they login, they need use "enable " and related enable password to login.



Actions

This Discussion