Enable password issue on ASA

rmrahman0302 · ‎11-19-2010

Hi,

One of my customer is having problem to login to the ASA at the privilege mode, He has access through ASDM. He has changed the enable password through ASDM but no luck. Here is the config:

aaa authentication ssh console Radius LOCAL
aaa authentication enable console Radius LOCAL
aaa authentication http console Radius LOCAL
aaa accounting enable console Radius

aaa accounting ssh console Radius

He tried by disabling the Radius server to login local but didn't work. Anybody has any idea?

Thanks.

Federico Coto Fajardo · ‎11-19-2010

Hi,

If you remove this command can you log in?

no aaa authentication enable console Radius LOCAL

It's going to ask Radius authentication for the enable password when connected via the console, so can you try to remove the command via a telnet/SSH session?

Federico.

rmrahman0302 · ‎11-19-2010

Hi,

I guess he didn't test that by removing the command. But the problem is that he doesn't have privilege level access via SSH or Telnet.

Federico Coto Fajardo · ‎11-19-2010

Does he have access to the CLI of the ASA at this moment? Or it's locked out the privilege mode?

Federico.

rmrahman0302 · ‎11-19-2010

He doesn't have privilege level access through the CLI .

Federico Coto Fajardo · ‎11-19-2010

Has the configuration already been saved to flash?

If not... could reload the ASA to log in...

Another option is to disable the authentication method against the Radius via ASDM and do a password recovery on the ASA via rommon mode.

Federico.

rmrahman0302 · ‎11-19-2010

Thanks for your reply. It is already saved. May be he can bypass Radius server and use local database:

aaa authentication enable console LOCAL

aaa accounting enable console LOCAL

Federico Coto Fajardo · ‎11-19-2010

Yes, can you try that and post the result?

Federico.