I have an ASA 5505 that was previously using an AAA server for authentication/authorization. This AAA Server is gone. Now, I'd like to log in locally. However, I do not know any local passwords. I used the Cisco guide to reset the password (confreg 0x40) and I am able to boot into privileged mode as directed. However, when I try to copy the start config to the running config I get:
Fallback authorization. username 'enable_15' not in LOCAL database
You can try to remove the aaa authorization commands but if it does let you, another way will be to backup the configuration, remove the commands from the back and add the user, then copied back to the ASA.
If you are unable to access the ASA it is very likely that either the enabl 15 user is missing or that the AAA config is not configured to use the local user account as a fall back. Have a look at this link to perform a password recovery on the ASA5505.
So almost everybody hear gave stupid answer..remove aaa or add enable privilege level 15.
None of those will work since you can't login because of authorization failed. Some suggested do it before you copy config..beautiful..but when you do that you modify running-config which is empty/clean anyways..once you copy startup to runn all those changes will be overwritten and you end up in same place you were.
Anyone has a good idea?
Seems like copying config to tftp server and modifying it there is an option..or copy the config to tftp..on asa do write mem with clean config (to clear the config ) and than paste what ever you need from tftp copy..
It seems stupid Cisco didn't compensate for option when someone will forget add authorization console LOCAL....
Nobody said here it will throw you out from console.All I was saying you can't modify it since authorization doesn't allow you to get to startup config!modifying run as people suggested and than copy startup will overwrite run..so it won't work
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :