cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

680
Views
0
Helpful
1
Replies
Highlighted
Beginner

Issue Configuring AAA on ASA 5520

Hello All,

We have an IAS (Internet Authentication Server) to authenticate all our network devices. This server is integrated with our local AD server so that we can use our domain credentials to login into the netwoerk devices. i have successfully configured all our L2 & L3 switches with IAS but facing issue with ASA 5520. Below is the config i have applied on ASA. When i am testing the authentication with IAS server, i am getting "Authentication Successful" message.

aaa-server AAA protocol radius

aaa-server AAA host 10.91.38.70

key *****

aaa authentication ssh console AAA LOCAL

..............................................................

INTMUM1FW0002# test aaa-server authentication AAA username amit.rane password ******

Server IP Address or name: 10.91.38.70

INFO: Attempting Authentication test to IP address <10.91.38.70> (timeout: 12 seconds)

INFO: Authentication Successful

INTMUM1FW0002#

INTMUM1FW0002#

..............................................................................

Also when i am trying to telnet the Firewall, i am directly getting password promt. I should first get the username promt wherein i can enter my domain username. Need help on this.

Thanks in advance.

Regards,

Amit R.

Everyone's tags (5)
1 REPLY 1
Highlighted
Cisco Employee

Issue Configuring AAA on ASA 5520

Hello Amit-

The telnet and ssh are treated separate so you will need to configure aaa for your telnet access as well:

aaa authenticaiton telnet console AAA LOCAL

Also, what version of code are you using on your ASA? Usually you need to specify the interface where the AAA server is located at. For example:

aaa-server AAAA (management) host 192.168.1.5 key **********

Hope this helps!

Thank you for rating!