Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Need two different passwords for login

I need the pix to emulate routers/switches. I can have a separate password that gives me telnet access and a separate password that give privExec access.

How can I do with with the ASA/Pix? Sorry don't have TACACS. Need the enable15 password to be a separate password.

Looking for defense-in-depth for password on the pix.

Now if a user is level15, the same password being used to SSH or Web into Pix/ASA is the same password to get into privExec "#" mode.

Router/switch doesn't have this issue, if you don't know the enable password, not possible to configure the equipment.


Cisco Employee

Re: Need two different passwords for login

What is the version that you are running on the Pix and ASA. I have enclosed URLs that explains what you want to do for both version. I hope you find it useful.

Please refer the below URL for details:

Pix 6.2

Pix/ASA 7.0 and higher:

Follow the link where it discusses about different privilege levels for different users using local database. Even though this example is for fallback method, you can just follow the configuration guidelines and make sure that when you configure AAA commands, just use Local.



** Please rate all helpful posts **

New Member

Re: Need two different passwords for login

Thanks, but those links don't answer the question. Running 6.3x and 7.x OS on asa's and pix's

Can I login with username/password at Level 1 access, then use another username/password to get to Level 15 enable mode?

I don't want the level 15 username/password to go directly to enable mode or have enable access. Ie; I have to telnet into a switch with a specific line password. Then I have to know the "enable" password on with switch before I can config it. Want the same on the pix.

From what I can tell, if a username/pass is set for level15 access, using the same password word for level1 access also brings the user into level 15 access

New Member

Re: Need two different passwords for login

Tac informs me that Level 15 is required for GUI. Not possible to have a level 1 then level 15 for GUI as you can with CLI