https://community.cisco.com/t5/network-security/asa-aaa-authentication-enable-console-local/m-p/3336039#M969740 <P>I want configure ASA, so it requires local username and password for enable mode.</P> <P><STRONG>Command:</STRONG> aaa authentication enable console LOCAL</P> <P>When I configure this command, I am not able to login even though the following configuration already exists:</P> <P>username xxxxxx password xxxxxxxxxxxxxxxxxxx encrypted privilege 15</P> <P>enable password xxxxxxxxxxxxxxxxxx encrypted</P> <P>&nbsp;</P> <P><STRONG>when I configure the following it works:</STRONG></P> <P>username xxxxxx password xxxxxxxxxxxxxxxxxxx</P> <P>aaa authentication enable console LOCAL</P> <P>&nbsp;</P> <P>Question:</P> <P>Why “username xxxxxx password xxxxxxxxxxxxxxxxxxx encrypted privilege 15” username and password is not used, when configure <STRONG>aaa authentication enable console LOCAL?</STRONG></P> Fri, 21 Feb 2020 15:23:59 GMT Praveen Kumar 2020-02-21T15:23:59Z https://community.cisco.com/t5/network-security/asa-aaa-authentication-enable-console-local/m-p/3336039#M969740 <P>I want configure ASA, so it requires local username and password for enable mode.</P> <P><STRONG>Command:</STRONG> aaa authentication enable console LOCAL</P> <P>When I configure this command, I am not able to login even though the following configuration already exists:</P> <P>username xxxxxx password xxxxxxxxxxxxxxxxxxx encrypted privilege 15</P> <P>enable password xxxxxxxxxxxxxxxxxx encrypted</P> <P>&nbsp;</P> <P><STRONG>when I configure the following it works:</STRONG></P> <P>username xxxxxx password xxxxxxxxxxxxxxxxxxx</P> <P>aaa authentication enable console LOCAL</P> <P>&nbsp;</P> <P>Question:</P> <P>Why “username xxxxxx password xxxxxxxxxxxxxxxxxxx encrypted privilege 15” username and password is not used, when configure <STRONG>aaa authentication enable console LOCAL?</STRONG></P> Fri, 21 Feb 2020 15:23:59 GMT https://community.cisco.com/t5/network-security/asa-aaa-authentication-enable-console-local/m-p/3336039#M969740 Praveen Kumar 2020-02-21T15:23:59Z https://community.cisco.com/t5/network-security/asa-aaa-authentication-enable-console-local/m-p/3336374#M969741 <P>Hi,</P> <P>&nbsp;</P> <P>How are you logging on to the firewall initially, via console or ssh\telnet. What asa software version are you using? Are you using aaa authorization?</P> <P>&nbsp;</P> <P>Thanks</P> <P>John</P> Fri, 23 Feb 2018 03:01:00 GMT https://community.cisco.com/t5/network-security/asa-aaa-authentication-enable-console-local/m-p/3336374#M969741 johnd2310 2018-02-23T03:01:00Z https://community.cisco.com/t5/network-security/asa-aaa-authentication-enable-console-local/m-p/3336972#M969748 <P>1. SSH</P> <P>2. Software Version 9.6(4)3&nbsp;</P> <P>3. no authorization</P> <P>&nbsp;</P> Fri, 23 Feb 2018 22:24:17 GMT https://community.cisco.com/t5/network-security/asa-aaa-authentication-enable-console-local/m-p/3336972#M969748 Praveen Kumar 2018-02-23T22:24:17Z https://community.cisco.com/t5/network-security/asa-aaa-authentication-enable-console-local/m-p/3337006#M969751 <BLOCKQUOTE><HR /><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/321438">@Praveen Kumar</a> wrote:<BR /> <P>1. SSH</P> <P>2. Software Version 9.6(4)3&nbsp;</P> <P>3. no authorization</P> <P>&nbsp;</P> <HR /></BLOCKQUOTE> <P>If you're using ssh, you'll need to do a couple of things. <BR />1. Create a user. (seems like you have this covered already).</P> <P>2. Enabled ssh for local authentication:</P> <PRE>aaa authentication ssh console LOCAL</PRE> <P><BR />3. generate the crypto keys for ssh:</P> <PRE>crypto key generate rsa modulus &lt;modulus number&gt;</PRE> <P>4. allow management access via ssh from a certain interface and network:</P> <PRE>ssh 192.168.1.0 255.255.255.0 inside</PRE> <P>5. open your terminal emulation software and try to ssh to an ASA interface ip (the one specified in step 4). You should now be able to login.&nbsp;</P> Sat, 24 Feb 2018 00:12:33 GMT https://community.cisco.com/t5/network-security/asa-aaa-authentication-enable-console-local/m-p/3337006#M969751 mls577 2018-02-24T00:12:33Z https://community.cisco.com/t5/network-security/asa-aaa-authentication-enable-console-local/m-p/3340763#M969755 <P>That is not really my question- my question is:</P> <P>If we already have this (see below) user account, why doesn't it work when we configure "aaa authentication ssh console LOCAL"?</P> <P>&nbsp;</P> <P>username xxxxxx password xxxxxxxxxxxxxxxxxxx encrypted privilege 15</P> Thu, 01 Mar 2018 21:39:28 GMT https://community.cisco.com/t5/network-security/asa-aaa-authentication-enable-console-local/m-p/3340763#M969755 Praveen Kumar 2018-03-01T21:39:28Z