I have lost the ability to ping the inside interface of my failover firewall. When I try to console into the Failover, I cannot get into enable mode. I have the following Commands specified in the config:
aaa authentication serial console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
I can get in with the userid and password which has a privilege level of 15 however I cannot get into enable mode. It prompts for password but does not accept it. I have specified a new enable password and done a write standby but still doesn't work.
The Pixes are using 6.3(5). There are no authorization commands specified. The authentication works fine on the primary firewall with Tacacs as it can contact the ACS Server on its inside interface. It is just the local enable part on the failover firewall that is not working.
I just test it by removing the "aaa authentication enable console LOCAL".
On the console, I can't get to enable mode. But you can do this if yo type 'login' where you need to use local user account (mine with priv 15).
Else, after logging in using the above (login) method, change the enable password to a new one. Exit from the priv mode (#), then type enable. Use the new password to get to the enable mode. It should work.
And if I put back the "aaa authentication enable console LOCAL", I can login using my local account again.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :