08-23-2018 04:43 PM
Hi ;
i am deploying ISE and want to use same password for login and enable authentication on cisco ASA firewalls
1- when i donot configure enable password in ISE than it does not allow me to get into device configuration mode.
2- when i set enable password and if user change their passwords after 1st login than enable passwords dosent change and remain same.
i cannot see above issues with ACS and i am using ISE 2.3
Solved! Go to Solution.
08-24-2018 04:52 AM
I agree with Paul. I believe we used this process for TACACS config on ASA and ISE.
Though this may not exactly align with what you're trying to do since it's primarily for role based access to ASDM.
08-24-2018 01:37 PM
Below command helped me in solving the issue, i still cannot say its a perfect solution for firewalls (ASA) but it could be accepted as a way around, thank you for helping me in connecting the dots.
aaa authorization exec authentication-server auto-enable
08-23-2018 08:16 PM
If you are using the same password for enabled as the login why bother even doing the enable password. The ASA supports going right to # prompt just like other Cisco devices. Send the user right to the # prompt and do command authorization and accounting. The hold concept of enable mode is dated in my opinion especially when you have command authorization properly configured.
08-24-2018 04:52 AM
I agree with Paul. I believe we used this process for TACACS config on ASA and ISE.
Though this may not exactly align with what you're trying to do since it's primarily for role based access to ASDM.
08-24-2018 01:37 PM
Below command helped me in solving the issue, i still cannot say its a perfect solution for firewalls (ASA) but it could be accepted as a way around, thank you for helping me in connecting the dots.
aaa authorization exec authentication-server auto-enable
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide