ISE enable password for cisco ASA

Afi GNOC
Level 1

Hi,

I am deploying ISE and want to use the same password for login and enable authentication on Cisco ASA firewalls.

1- When I do not configure an enable password in ISE, it does not allow me to get into device configuration mode.

2- When I set an enable password and users change their passwords after the first login, the enable passwords do not change and remain the same.

I cannot see the above issues with ACS, and I am using ISE 2.3.

2 Accepted Solutions

anthonylofreso
Level 4

I agree with Paul. I believe we used this process for TACACS config on ASA and ISE.

https://community.cisco.com/t5/security-documents/how-to-ise-tacacs-configuration-for-asa-network-devices/ta-p/3631056

Though this may not exactly align with what you're trying to do, since it's primarily for role-based access to ASDM.

The command below helped me solve the issue. I still cannot say it's a perfect solution for firewalls (ASA), but it could be accepted as a workaround. Thank you for helping me connect the dots.

aaa authorization exec authentication-server auto-enable

3 Replies

paul
Level 10

If you are using the same password for enable as for login, why even bother with the enable password? The ASA supports going right to the # prompt just like other Cisco devices. Send the user right to the # prompt and do command authorization and accounting. The whole concept of enable mode is dated in my opinion, especially when you have command authorization properly configured.
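
An added example, not posted by anyone in this thread: an ASA configuration sketch that combines the auto-enable command from the accepted solution with the command authorization and accounting described in the reply above. The server group name ISE, the interface name inside, the address 192.0.2.10 and everything in angle brackets are placeholders, and it assumes the ISE TACACS+ shell profile returns privilege level 15 for administrators.

```cisco
! Added example. Constructed values: group name ISE, interface "inside",
! documentation address 192.0.2.10, placeholders in <angle brackets>.
!
! TACACS+ server group pointing at the ISE node
aaa-server ISE protocol tacacs+
aaa-server ISE (inside) host 192.0.2.10
 key <shared-secret>
!
! Local account used only when ISE is unreachable (LOCAL fallback below)
username <fallback-admin> password <strong-password> privilege 15
!
! Authenticate SSH logins against ISE, fall back to LOCAL if ISE is down
aaa authentication ssh console ISE LOCAL
!
! A manually typed "enable" is also checked against ISE rather than a
! shared device enable password
aaa authentication enable console ISE LOCAL
!
! Use the authorization result from the login server; auto-enable places a
! user with sufficient privilege (assumed: 15 from the ISE shell profile)
! directly at the # prompt, so no separate enable password is entered
aaa authorization exec authentication-server auto-enable
!
! Per-command authorization against ISE. Confirm the ISE command sets
! permit what administrators need before applying this line, because
! every command is checked once it is active.
aaa authorization command ISE LOCAL
!
! Accounting: record SSH sessions and each command entered
aaa accounting ssh console ISE
aaa accounting command ISE
```

With this in place the login password is the only credential a user maintains, so a password change in ISE cannot leave a stale enable password behind.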
