06-30-2008 06:29 AM - edited 03-10-2019 03:56 PM
Hi All,
I share the admin of a firewall with another company. At the moment I'm unable to run any commands, as I get the following error after logging in and then entering the enable password.
"Command authorization failed"
I'm not sure if they have made any changes, but the last change I made was to reconfigure the remote access VPN to use AAA authentication against an MS IAS (RADIUS server).
Here are the AAA commands before and after my change.
BEFORE
------
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
I then added the following lines.
aaa-server vpnauth protocol radius
aaa-server vpnauth max-failed-attempts 3
aaa-server vpnauth deadtime 10
aaa-server vpnauth (inside) host X.X.X.X PASSWORD timeout 5
And reconfigured the crypto map to use vpnauth. Remote access works fine, but I'm totally restricted when I try to log in via telnet or ssh.
Does anyone know why I'm locked out?
Appreciate any help as I'm stumped.
07-01-2008 12:34 AM
What is the privilege level of the user you are accessing? Once you enter the enable password do you go to enable mode?
I don't see how the config you added can cause this. It must be something 'else'.
Regards
Farrukh
07-01-2008 01:14 AM
Hi,
As management of this firewall is shared, I can't be 100% sure that the other party didn't change anything. According to them they haven't made any changes.
The user I'm using last had priv 15. It lets me go to enable mode OK using the password. But once in enable mode I only have a limited command set and everything I try to run returns "Command authorization failed".
I'm wondering if this is a lost cause and I'll need to do a config reset... Problem is the device is located offsite.
Appreciate any help or advice.
07-01-2008 02:02 AM
Unless this is a bug, 'someone' must have changed the firewall configuration.
Regards
Farrukh