01-25-2010 11:37 AM - edited 03-11-2019 10:01 AM
Hi,
We have an ASA 5520 which we connect to using ASDM 6.0. We authenticate via an ACS.
Lately we've been having situations where we're able to open the ASDM login page, but when you type your username and password the ASA rejects it.
Same happens when you try to log in using Telnet.
We would usually reload the ASA and then connect to the device using Telnet, which now accepts the username and password (after the reload). We then have to reconfigure the http commands (http 10.1.5.7 255.255.255.255 inside etc.) and then log in using ASDM, and the ASA now accepts the username and password.
Any ideas why this is happening and what we could do to solve it?
Thanks in advance!
01-25-2010 02:26 PM
Can you check if you lost the aaa server and try to use fallback?
That would explain it only if the user didn't exist in the local db though.
PK
01-25-2010 07:19 PM
Need the following collected at the time of the problem.
sh tech
sh blocks
sh logs (debug level)
Make sure you have configured (sh run aaa) to fall back to LOCAL account if the ACS server is to go down for some reason.
Also, leave serial without aaa authentication and connect via console (sh log) when Telnet and ASDM reject the userid to see what might be going on.
-KS
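An offline check for the fallback advice in the replies above, as an added example that is not part of the original thread: it reads saved `sh run aaa` output and flags management methods that point at a server group with no LOCAL fallback, plus a serial console that has AAA applied. The server-group name `ACS`, the sample configuration and the function name `audit_aaa` are assumptions made for illustration.

```python
import re

# Constructed sample of `sh run aaa` output (not taken from the poster's ASA).
# The server-group name "ACS" is an assumed placeholder.
SAMPLE_SH_RUN_AAA = """\
aaa authentication telnet console ACS
aaa authentication http console ACS LOCAL
aaa authentication ssh console LOCAL
aaa authentication serial console ACS LOCAL
"""

# aaa authentication <method> console <server-group | LOCAL> [LOCAL]
AAA_LINE = re.compile(
    r"^aaa authentication (serial|enable|telnet|ssh|http) console "
    r"(\S+)(?:\s+(LOCAL))?\s*$"
)


def audit_aaa(config_text):
    """Return (method, finding) tuples for the lockout risks raised in the thread."""
    findings = []
    for raw in config_text.splitlines():
        match = AAA_LINE.match(raw.strip())
        if not match:
            continue  # not a management-access authentication line
        method, primary, fallback = match.groups()
        if method == "serial":
            # The reply suggests leaving serial without aaa authentication so the
            # console stays usable for `sh log` while Telnet/ASDM logins fail.
            findings.append((method, "serial console has aaa authentication applied"))
        elif primary != "LOCAL" and fallback is None:
            # If the server group is unreachable there is nothing to fall back to.
            findings.append((method, f"no LOCAL fallback after server group {primary}"))
    return findings


if __name__ == "__main__":
    for method, finding in audit_aaa(SAMPLE_SH_RUN_AAA):
        print(f"{method}: {finding}")
```

LOCAL fallback only helps if the username also exists in the local database, as the first reply points out.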