Accessing an ASA 8.2.1 0 -AAA

insccisco · ‎08-18-2009

guys,

the only way I can access my ASA is via SSH. It asks me for username which I put "pix" and for the password, I put the enable password I created.

This however only gets me half way in because it then asks for the enable password. I type the enable password and I get in.

I created the command "aaa authentication ssh console LOCAL" and now as soon as I ssh to the ASA, it won't let me type the default username pix with the default enable password for the password... this is actually good because I am now forced to type the local credentials however when I do that, I am still not getting into privelele mode. I still have to type the enable password.

How can I configure the ASA to have user's (with level 15) type their credentials and get directly into privilege mode without the ASA asking them for the enable password???

I don't want give out the enable password to every admin that needs to access the ASA...

any help will be appreciated

Yudong Wu · ‎08-18-2009

ASA is not like IOS box. In IOS box, you can let user get into enable mode directly after login. This feature is not available on ASA as far as I know.

insccisco · ‎08-18-2009

are you sure?

how can you have delegated accounts then on an ASA?

are you then saying that every admin will have to know the enable password?

Yudong Wu · ‎08-18-2009

As far as I know, it's impossible on ASA.

insccisco · ‎08-18-2009

it's hard to beleive... so how do you properly delegate access to an ASA to few different administrators?

there has to be a way.

Yudong Wu · ‎08-18-2009

you can setup enable password in different levels.

user pass level <#>

When they login, they need use "enable " and related enable password to login.