Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Setting up AAA on PIX515e

Trying to set up AAA on the PIX515e so I assign accounts with different privilege levels for access. I used aaa-model on my routers and it worked fine. I am stuck here. Any advice or direction is greatly welcome! TIA, Gary /

5 REPLIES
New Member

Re: Setting up AAA on PIX515e

hi gary could u tell me what u are trying to do. i can easily help u out.

set the aaa authentication serial console LOCAL

aaa authorisation command LOAL

create the uses with respective privilege levels.

then with the privilege commands se the commands.

we have show commands ,clear commands and the actual commands eg:access-list

see in pix we can see the show commands at the exec mode as well as the configure mode as well. similarly allowing the clear commadn make sure the user is not allowed to execute the clear configure command. cause then he can overwrite all ur configuration.

tell me ur requirements i can help u out.

regards

sebastan

New Member

Re: Setting up AAA on PIX515e

Thank your for your time. I am new to creating accounts with AAA. I simple want to have staff log into this firewall with their name and password. We have presently been using priviledge account for everything.

TIA,

Gary

Re: Setting up AAA on PIX515e

Hi try the below commands .. NOTE; this will use the local database on the PIX and so you need to cerate the username and passwords on the PIX itself. You could also use a radius server if you like.

aaa-server LOCAL protocol local

aaa authentication http console LOCAL

aaa authentication ssh console LOCAL

aaa authorization command LOCAL

username user password **** privilege

I hope it helps ... please rate it if it does !!!

New Member

Re: Setting up AAA on PIX515e

Thank you very much. I am trying to set up our PIX515e to accept ssh connections with individual user accounts....

TIA,

Gary

Re: Setting up AAA on PIX515e

yes ... so this should work as long as you open access to yur PIX by ssh ..

ssh ip_address [netmask] [interface_name]

where ip_address is the Ip address(s) allowed to connect

Interface_name is the interface they can connect to i.e inside

I hope it helps .. please rate it if it does !!!

139
Views
0
Helpful
5
Replies
CreatePlease login to create content