ASA rejects username and password

imuonagor
Level 1

Hi,

We have an ASA 5520 which we connect to using ASDM 6.0. We authenticate via an ACS.

Lately we've been having situations where we're able to open the ASDM login page, but when you type your username and password the ASA rejects it.

Same happens when you try to log in using Telnet.

We would usually reload the ASA and then connect to the device using Telnet, which now accepts the username and password (after the reload). We then have to reconfigure the http commands (http 10.1.5.7 255.255.255.255 inside etc.) and then log in using ASDM, and the ASA now accepts the username and password.

Any ideas why this is happening and what we could do to solve it?

Thanks in advance!

2 Replies

Panos Kampanakis
Cisco Employee

Can you check if you lost the AAA server and try to use fallback?

That would explain it only if the user didn't exist in the local db though.

PK

Need the following collected at the time of the problem.

sh tech

sh blocks

sh logs (debug level)

Make sure you have configured (sh run aaa) to fall back to LOCAL account if the ACS server is to go down for some reason.

Also, leave serial without aaa authentication and connect via console (sh log) when Telnet and ASDM reject the userid to see what might be going on.

-KS
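
Added example (not part of either reply and not Cisco's own configuration): a sketch of the LOCAL fallback both replies refer to, for an ASA that authenticates management access against an ACS. The server-group name `ACS_GRP`, the TACACS+ protocol, the server address 192.0.2.10, the `localadmin` account and the bracketed secrets are assumptions or placeholders; only the `http 10.1.5.7 ...` line comes from the original post.

```cisco
! Server group for the ACS (name, protocol and address are assumed)
aaa-server ACS_GRP protocol tacacs+
aaa-server ACS_GRP (inside) host 192.0.2.10
 key <shared-secret>
!
! Local account, used only when no server in ACS_GRP responds
username localadmin password <local-password> privilege 15
!
! Without fallback: if the ACS is unreachable, every login is rejected
!   aaa authentication telnet console ACS_GRP
!   aaa authentication http console ACS_GRP
!
! With fallback: try ACS_GRP first, then the LOCAL database
aaa authentication telnet console ACS_GRP LOCAL
aaa authentication http console ACS_GRP LOCAL
aaa authentication enable console ACS_GRP LOCAL
!
! No "aaa authentication serial console" line, so the console port
! does not depend on the ACS and can be used to read the log
! while Telnet and ASDM logins are failing
!
! ASDM access as in the original post
http server enable
http 10.1.5.7 255.255.255.255 inside
!
! Checks to run while logins are being rejected:
!   show running-config aaa
!   show aaa-server
!   show logging
```

LOCAL is consulted only when the servers in the group do not respond; a reject returned by a reachable ACS is final. The server status and counters in `show aaa-server`, captured during the problem, show which of the two cases applies.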
