Proper use of encrypted command when setting password
I currently have my 501 set up without any user name... I only enter a password to enter PDM or Telnet. I now want to configure the 501 with a username, but it is a little unclear to me when to use the encrypted option when setting the password via the username command.
I want to continue to use the password I have already set up. I assume that password is currently encrypted since it is stored in the 501. Does that mean when I use the same password in the username command I need to also use the encrypted option? What would happen if I didn't use the encrypted option... would the password then be "doubly encrypted", which would render it unusable, or what?
Once I am sure the telnet and http username and password work properly can I just enter additional aaa authentication commands to add that username and password to, for instance,
I hope I explained this well enough... I am quite PIX illiterate at this point.
Re: Proper use of encrypted command when setting password
The encrypted keyword is only used when you are inputting an already encrypted password. Don't bother with the encrypted keyword. Configure your username and password using the same cleartext password as used for telnet etc. if you wish. They are not related as far as the configuration goes, and all passwords are encrypted by the PIX.
username myname password cisco123 privilege 15
Best option is to set up AAA authentication using the LOCAL keyword, which allows the use of the local user database on the PIX instead of an external RADIUS or TACACS+ box.
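
Added example, not part of the original posts: a small Python check for `username` lines prepared for pasting into a PIX, flagging the `encrypted` keyword on a value that is still cleartext. The 16-character hash shape, the function name and the sample hash value are assumptions made for this sketch.

```python
import re

# Assumption: a PIX-hashed password is exactly 16 characters from the set
# [./0-9A-Za-z]; any other value is treated as cleartext.
HASH_RE = re.compile(r"^[./0-9A-Za-z]{16}$")

# username NAME password VALUE [encrypted] [privilege LEVEL]
USERNAME_RE = re.compile(
    r"^username\s+(?P<name>\S+)\s+password\s+(?P<value>\S+)"
    r"(?P<enc>\s+encrypted)?(?:\s+privilege\s+(?P<priv>\d+))?\s*$"
)


def check_username_line(line):
    """Return (name, verdict) for a username command, or None if it is not one."""
    m = USERNAME_RE.match(line.strip())
    if not m:
        return None
    looks_hashed = bool(HASH_RE.match(m["value"]))
    if m["enc"] and not looks_hashed:
        verdict = "ERROR: 'encrypted' used with a cleartext value"
    elif m["enc"]:
        verdict = "ok: already-encrypted value, keyword belongs here"
    elif looks_hashed:
        verdict = "WARN: value looks like a hash but 'encrypted' is missing"
    else:
        verdict = "ok: cleartext, the PIX encrypts it on entry"
    return m["name"], verdict


# Constructed sample lines. The first is the command from the reply above;
# "AbCdEfGh01234567" is a made-up placeholder, not a real hash.
SAMPLE = [
    "username myname password cisco123 privilege 15",
    "username myname password cisco123 encrypted privilege 15",
    "username admin password AbCdEfGh01234567 encrypted privilege 15",
    "username admin password AbCdEfGh01234567 privilege 15",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", check_username_line(line)[1])
```
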