ASA in failover mode has different enable password for SSH and Telnet sessions

Hello.  I've a 5520 in failover mode 8.2(5)59 and its enable password is different when I'm connecting via telnet vs SSH.  The other ASA does not have this issue.  Here are the AAA settings for the ASA in question:

exp-jka-fwl1a# sh run aaa
aaa authentication telnet console LOCAL
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL

Would someone please explain why this is happening and how to resolve it?  I'd like to remove the telnet settings, but it seems as though I won't be able to elevate under SSH.


Re: ASA in failover mode has different enable password for SSH and Telnet sessions

Hi SHANE,

 

The "aaa authentication enable console LOCAL" command sets the password locally defined under the "username password" command as the enable password.

SD-WAN Specialist
Spooster IT Services

Re: ASA in failover mode has different enable password for SSH and Telnet sessions

Strange, as you have ssh, telnet and enable with LOCAL authentication. I've worked with that code and never had an issue.

 

I would suggest opening a TAC case.

Security Engineer
juanmh8419@gmail.com
Skype: juanmh8419@hotmail.com