Cisco Pix515e or ASA Auto Enable Mode using Cisco ACS AAA
I have AAA authentication working on our PIX and Switches with a backend Cisco ACS server. I'm able to login via Cisco Radius in enable mode on the Cat switches. Problem I have is I'm not sure of what is required to go right into enable mode on the Pix's/ASA's so that I don't have to type in the enable password when logging into the PIX. Here is my command I use on the Switches which automatically puts me into enable mode when I login successfully with Cisco ACS Radius LDAP authentication.
aaa authentication login CiscoACS group radius local
aaa authorization exec CiscoACS group radius local if-authenticated
line vty 0 15
 authorization exec CiscoACS
 login authentication CiscoACS
Does anyone know what is the command I can use that would allow me to get authorization exec on a PIX or ASA 5505?
Re: Cisco Pix515e or ASA Auto Enable Mode using Cisco ACS AAA
PIX/ASA works in a different way than IOS devices do.
What you seek is not possible. We do not have something as EXEC authorization on PIX/ASA, so we cannot go directly into enable/privileged mode.
The reason for this is that, under normal circumstances, the AAA server could reply to the initial authentication/authorization request with "priv-lvl", and the user's session would assume this level, without having to enter any additional commands (like ).