03-14-2016 11:33 AM - edited 03-10-2019 11:34 PM
I have AAA configured on my ASA, and the enable pwd is configured to use TACACS authentication. If I have to access using console, the enable pwd is not accepted, so I had to disable TACACS for enable mode and configure it to use the local pwd. What should be done so that I can use TACACS for the enable pwd when accessing via ASDM/SSH/Telnet and the local pwd while connecting through console? FYI, I will use my Windows AD credentials for TACACS authentication. I have a local acc configured for console connection access.
aaa authentication ssh console BR_ACS_SVR LOCAL
aaa authentication http console BR_ACS_SVR LOCAL
aaa authentication telnet console LOCAL
aaa authentication serial console LOCAL
aaa accounting enable console Accounting
aaa accounting ssh console Accounting
aaa accounting command privilege 15 Accounting
aaa accounting telnet console BR_ACS_SVR
Thx,
sridhar
03-14-2016 11:47 AM
Hi Sridhar,
What is the ACS version you are using?
Try using this command back:
aaa authentication
And then if it does not work check the authentication logs on the ACS.
You can also check this link as well:
https://supportforums.cisco.com/discussion/12047431/cisco-asa-tacacs-enable-mode-not-working
Regards,
Aditya
03-25-2016 06:34 AM
Hi,
I had aaa authentication enable console BR_ACS_SVR LOCAL configured earlier, but the issue with this command is that it doesn't accept the local enable pwd and it will point to ACS for the enable pwd. I want to use the local pwd for console and use TACACS for SSH/ASDM.
If the ASA is configured for TACACS authentication, is it possible to have a local pwd for console and TACACS for other authentication?
thx,
sridhar
03-25-2016 10:23 AM
Sridhar,
Unfortunately this is not possible on ASA. You either have to use enable password against TACACS+ or local database. The same thing can be done on IOS using method list.
Regards,
Jatin
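An added example, not part of the original thread and not Cisco code: a small Python audit that parses `aaa authentication ... console` lines and reports every login channel whose user database differs from the one the single enable line points at, which is the mismatch described above. The sample config is constructed from the lines quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample: the thread's login lines plus the enable line from the 03-25 reply.
SAMPLE_CONFIG = """\
aaa authentication ssh console BR_ACS_SVR LOCAL
aaa authentication http console BR_ACS_SVR LOCAL
aaa authentication telnet console LOCAL
aaa authentication serial console LOCAL
aaa authentication enable console BR_ACS_SVR LOCAL
"""

AAA_LINE = re.compile(
    r"^aaa authentication (serial|enable|telnet|ssh|http) console (\S+)(?: (LOCAL))?\s*$"
)

def parse_aaa(config):
    """Return {channel: (primary_method, has_local_fallback)}."""
    methods = {}
    for line in config.splitlines():
        m = AAA_LINE.match(line.strip())
        if m:
            channel, primary, fallback = m.groups()
            methods[channel] = (primary, fallback == "LOCAL")
    return methods

def audit(config):
    """List login channels whose user database differs from the one used for enable."""
    methods = parse_aaa(config)
    findings = []
    enable = methods.pop("enable", None)
    if enable is None:
        return findings  # no aaa line for enable: the local enable password applies
    enable_primary, enable_fallback = enable
    for channel, (primary, _) in sorted(methods.items()):
        if primary != enable_primary:
            findings.append(
                f"{channel}: login uses {primary}, enable uses {enable_primary}"
            )
    if enable_primary != "LOCAL" and not enable_fallback:
        findings.append("enable: no LOCAL fallback if the server group is unreachable")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

On the sample, the serial and telnet channels are reported because their users log in against LOCAL while the enable password is checked against BR_ACS_SVR.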