Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
430
Views
0
Helpful
2
Replies

ASA in failover mode has different enable password for SSH and Telnet sessions

SHANE4252
Level 1
Level 1

‎09-14-2017 03:03 PM - edited ‎02-21-2020 06:18 AM

Hello.  I've a 5520 in failover mode 8.2(5)59 and its enable password is different when I'm connecting via telnet vs SSH.  The other ASA does not have this issue.  Here are the AAA settings for the ASA in question:

exp-jka-fwl1a# sh run aaa
aaa authentication telnet console LOCAL
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL

Would someone please explain why this is happening and how to resolve it?  I'd like to remove the telnet settings, but it seems as though I won't be able to elevate under SSH.

Labels:
0 Helpful
2 Replies 2

Spooster IT Services
Level 7
Level 7

‎09-15-2017 09:05 AM

Hi SHANE,

 

"aaa authentication enable console LOCAL" command set the enable password locally defined under "username password" command as enable password.  

Spooster IT Services Team
0 Helpful

jumora1
Level 1
Level 1

‎09-17-2017 01:30 PM

Strange as you have ssh, telnet and enable with LOCAL authentication, i've worked with that code and never had an issue.

 

I would suggest to open a TAC case 

Security Engineer
juanmh8419@gmail.com
Skype: juanmh8419@hotmail.com
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card