https://community.cisco.com/t5/network-access-control/pix-aaa-enable-local-not-working/m-p/662006#M422448 <HTML><HEAD></HEAD><BODY><P>To use local enable password, can you configure the following in your active PIX, then sync with standby unit:</P><P></P><P>aaa authentication enable console LOCAL --&gt; use local enable password</P><P>aaa authentication serial console LOCAL --&gt; authenticate console access via local userID</P><P></P><P>Try to skip TACACS+ first to test the access.</P><P></P><P>HTH</P><P>AK</P></BODY></HTML> Wed, 15 Nov 2006 12:03:12 GMT a.kiprawih 2006-11-15T12:03:12Z https://community.cisco.com/t5/network-access-control/pix-aaa-enable-local-not-working/m-p/662005#M422447 <P></P><P>I have lost the ability to ping the inside interface of my failover firewall. When I try to console into the Failover, I cannot get into enable mode. I have the following Commands specified in the config:</P><P>aaa authentication serial console TACACS+ LOCAL</P><P>aaa authentication enable console TACACS+ LOCAL</P><P></P><P>I can get in with the userid and password which has a privilege level of 15 however I cannot get into enable mode. It prompts for password but does not accept it. I have specified a new enable password and done a write standby but still doesn't work. </P><P>The Pixes are using 6.3(5). There are no authorization commands specified. The authentication works fine on the primary firewall with Tacacs as it can contact the ACS Server on its inside interface. It is just the local enable part on the failover firewall that is not working.</P> Sun, 10 Mar 2019 21:50:36 GMT https://community.cisco.com/t5/network-access-control/pix-aaa-enable-local-not-working/m-p/662005#M422447 brian.oflynn 2019-03-10T21:50:36Z https://community.cisco.com/t5/network-access-control/pix-aaa-enable-local-not-working/m-p/662006#M422448 <HTML><HEAD></HEAD><BODY><P>To use local enable password, can you configure the following in your active PIX, then sync with standby unit:</P><P></P><P>aaa authentication enable console LOCAL --&gt; use local enable password</P><P>aaa authentication serial console LOCAL --&gt; authenticate console access via local userID</P><P></P><P>Try to skip TACACS+ first to test the access.</P><P></P><P>HTH</P><P>AK</P></BODY></HTML> Wed, 15 Nov 2006 12:03:12 GMT https://community.cisco.com/t5/network-access-control/pix-aaa-enable-local-not-working/m-p/662006#M422448 a.kiprawih 2006-11-15T12:03:12Z https://community.cisco.com/t5/network-access-control/pix-aaa-enable-local-not-working/m-p/662007#M422449 <HTML><HEAD></HEAD><BODY><P>Strange one this, I tried the aaa authen enable cons LOCAL also and it wouldn't let me get into enable. However, when I removed AAA for enable altogether it worked using the local enable password!</P><P>Cheers</P><P>Brian</P></BODY></HTML> Wed, 15 Nov 2006 13:48:04 GMT https://community.cisco.com/t5/network-access-control/pix-aaa-enable-local-not-working/m-p/662007#M422449 brian.oflynn 2006-11-15T13:48:04Z https://community.cisco.com/t5/network-access-control/pix-aaa-enable-local-not-working/m-p/662008#M422450 <HTML><HEAD></HEAD><BODY><P>I just test it by removing the "aaa authentication enable console LOCAL".</P><P></P><P>On the console, I can't get to enable mode. But you can do this if yo type 'login' where you need to use local user account (mine with priv 15).</P><P></P><P>Else, after logging in using the above (login) method, change the enable password to a new one. Exit from the priv mode (#), then type enable. Use the new password to get to the enable mode. It should work.</P><P></P><P>And if I put back the "aaa authentication enable console LOCAL", I can login using my local account again.</P><P></P><P>HTH</P><P>AK</P><P></P><P> </P></BODY></HTML> Wed, 15 Nov 2006 14:43:00 GMT https://community.cisco.com/t5/network-access-control/pix-aaa-enable-local-not-working/m-p/662008#M422450 a.kiprawih 2006-11-15T14:43:00Z