topic Re: ASA Console Locked Out in Network Security

ASA Console Locked Out

zekebashi — Fri, 21 Feb 2020 16:03:54 GMT

Hello,

I've configured aaa & TACACS+ on an ASA properly where the primary authentication method is ISE and a fallback method is local. I've created enable_15 with priv 15 and another local user account (admin_acct) with priv 15, also. I can ssh using my AD account just fine and when I tried to console in and use the local account (admin_acct) and I was able to login fine. However, it seems that this local user account (admin_acct) doesn't have the proper authorization to execute any priv commands and now I am locked out on the console since I cannot issue any commands nor can I even logout. Is there any command or method that i can exit out of this cosole session so I can log back in using a different user account?

Any ideas would be appreciated.

Best, ~zK

Re: ASA Console Locked Out

Mohammed al Baqari — Tue, 07 Aug 2018 03:04:09 GMT

There is no way to clear console session other than restart. Try to create
a dummy acl on the a switch or router between ISE and ASA to blocked tacacs
traffic then use local login for console using login command

Re: ASA Console Locked Out

zekebashi — Fri, 10 Aug 2018 22:15:53 GMT

Thanks for your input.

I was able to resolve the issue by creating the same local user account on the TACACS+ server (ISE).

Thanks, ~zK