SSH access problem in ASA 5520 v7.2

Hi all,

I have configured two ASA 5520s in active/standby failover and also configured telnet and SSH on them, such that telnet uses the local database for authentication and SSH uses TACACS+ for AAA. The problem is that when trying to log in using SSH I am able to log in to the console but not to enable mode.

What could be the problem?

Sree

6 Replies

Jennifer Halim
Cisco Employee

Did you configure privilege level 15 for Enable options on the ACS server for the group/user?

Issue "sh run aaa", what does "aaa authentication enable console ..." line say?

-KS

Hi Husankar,

aaa authentication enable console server-group LOCAL.

Regards,

Sree

Hi halijenn,

Thanks for the quick reply. The ACS is configured properly; I am able to SSH normally to all other Cisco devices.

Regards,

Sree

ASA works a little bit differently in regards to enable mode authentication compared to other Cisco devices, like IOS routers and switches.

Please check on the ACS server that the "enable" option of privilege level 15 on the ACS server for the group/user is configured as advised earlier, as per the following:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800949d6.shtml

You would also need to manually switch to enable mode on ASA:

http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K25224726

Make sure this ACS user has priv 15 configured.

Otherwise try to just remove this line, "aaa authentication enable console server-group LOCAL", and use the enable password configured on the ASA.

-KS
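For reference, the following is a minimal ASA 7.2 configuration that matches the setup described in this thread (telnet against the local database, SSH against TACACS+, enable against the same TACACS+ group with local fallback). It is added here as an illustration and is not taken from any of the posts above; the server-group name TACACS, the server address 10.1.1.10, the key, the management subnet and the usernames and passwords are placeholders.

```text
! Added example config (not from the thread). Names, addresses and keys are placeholders.
!
! TACACS+ server group used for SSH login and for enable authentication
aaa-server TACACS protocol tacacs+
aaa-server TACACS (inside) host 10.1.1.10
 key Sup3rS3cr3tK3y
!
! Management access, restricted to the management subnet
ssh 10.1.1.0 255.255.255.0 inside
telnet 10.1.1.0 255.255.255.0 inside
!
! Local fallback account and the ASA's own enable password
username admin password L0calAdm1n privilege 15
enable password En4bl3M3
!
! Telnet authenticates against the local database only
aaa authentication telnet console LOCAL
!
! SSH authenticates against TACACS+. The trailing LOCAL keyword is a fallback that
! is used only when no server in the TACACS group is reachable, not when the
! server rejects the credentials.
aaa authentication ssh console TACACS LOCAL
!
! "enable" from an SSH session is sent to the same TACACS+ group. The ACS user or
! group must have Enable Options set to privilege level 15 (as the replies above
! say), otherwise ACS rejects the request and the ASA does not fall back to the
! local enable password.
aaa authentication enable console TACACS LOCAL
```

Two points worth checking against this: first, "show run aaa" on the ASA should show the enable line pointing at the same server group that the SSH line uses, since a TACACS+-only user has no entry in the local database to satisfy a LOCAL-only enable line; second, if enable authentication is not wanted on the server at all, the last line can be omitted, in which case "enable" prompts for the "enable password" set on the ASA, which is the alternative suggested in the last reply. Telnet sends credentials in cleartext, so keep it limited to the management subnet (or remove the telnet line once SSH is working).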
