Authentication to ASA Privileged mode

Hey!

I'm trying to configure ASA 5550 t8.4 so that SSH and HTTPS access users would auth themselves vs RADIUS (or LDAP) server and they would be directly logged in with privilege mode 15.

I have:

Windows 2008 NTP acting as RADIUS server.

And the network policy is: Service-Type - Login, Vendor-Specific - shell:priv-lvl=15 and allow full network access.

All my APs and switches with IOS are able to use that policy, and I am able to get directly to exec mode (privilege lvl 15).

But on ASA, the user has to "enable" itself.

ASA conf:

#aaa-server <group name> protocol radius
#aaa-server <group name> (inside) host <ip address>
  key 013B072C5A26070B2475411C350A18192218313A6A671F1A1B

#(config)aaa authentication ssh console <group name> LOCAL

#(config)aaa authentication http console <group name> LOCAL

Or maybe someone has an example how to get authorization working with LDAP (Active Directory)?

Authentication to ASA Privileged mode

Hi,

It is not possible to end up directly in enable mode on ASA. There is an enhancement bug filed for it (CSCtc65952 ASA: capability for automatic setting enable mode for admin access).

Hope this helps,

Sian

Authentication to ASA Privileged mode

Hey!

Actually it does not help :) Does Cisco have an official document for that? And a date when it will be fixed?