Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Cisco Pix515e or ASA Auto Enable Mode using Cisco ACS AAA

I have AAA authenication working on our PIX and Switches with a backend Cisco ACS server. I'm able to login via Cisco Radius in enable mode on the Cat switches. Problem I have is I'm not sure of what is required to go right into enable mode on the Pix's/ASA's so that I don't have to type in the enable password when logging into the PIX. Here is my command I use on the Switches which automatically puts me into enable mode when I login successfully with Cisco ACS Radius LDAP authenication.

aaa new-model


aaa authentication login CiscoACS group radius local


aaa authorization exec CiscoACS group radius local if-authenticated


line vty 0 15

authorization exec CiscoACS

login authentication CiscoACS

Does anyone know what is the command I can use that would allow me to get authorization exec on a PIX or ASA 5505?


Re: Cisco Pix515e or ASA Auto Enable Mode using Cisco ACS AAA


PIX/ASA works in a different way then IOS devices does.

what you seek is not possible. We do not have something as EXEC authorization on PIX/ASA, so we cannot go directly into enable/privileged mode.

Reason for this is, Under normal circumstances, the AAA server could reply to the initial authentication/authorization request with "priv-lvl", and the users session would assume this level, without having to enter and additional commands (like ).

But such feature is not available on PIX/ASA.



Community Member

Hi,Actually it is possible -


Actually it is possible - i can't be sure if it is the new version of ASA that allows it.

I am running asa916-k8.bin on 5510

The command is aaa authorization exec LOCAL auto-enable


Ravi L

CreatePlease to create content