Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
831
Views
0
Helpful
3
Replies

PIX AAA Enable Local not working

brian.oflynn
Level 1
Level 1

‎11-15-2006 03:22 AM - edited ‎03-10-2019 02:50 PM

I have lost the ability to ping the inside interface of my failover firewall. When I try to console into the Failover, I cannot get into enable mode. I have the following Commands specified in the config:

aaa authentication serial console TACACS+ LOCAL

aaa authentication enable console TACACS+ LOCAL

I can get in with the userid and password which has a privilege level of 15 however I cannot get into enable mode. It prompts for password but does not accept it. I have specified a new enable password and done a write standby but still doesn't work.

The Pixes are using 6.3(5). There are no authorization commands specified. The authentication works fine on the primary firewall with Tacacs as it can contact the ACS Server on its inside interface. It is just the local enable part on the failover firewall that is not working.

Labels:
0 Helpful
3 Replies 3

a.kiprawih
Level 7
Level 7

‎11-15-2006 04:03 AM

To use local enable password, can you configure the following in your active PIX, then sync with standby unit:

aaa authentication enable console LOCAL --> use local enable password

aaa authentication serial console LOCAL --> authenticate console access via local userID

Try to skip TACACS+ first to test the access.

HTH

AK

0 Helpful

brian.oflynn
Level 1
Level 1
In response to a.kiprawih

‎11-15-2006 05:48 AM

Strange one this, I tried the aaa authen enable cons LOCAL also and it wouldn't let me get into enable. However, when I removed AAA for enable altogether it worked using the local enable password!

Cheers

Brian

0 Helpful

a.kiprawih
Level 7
Level 7
In response to brian.oflynn

‎11-15-2006 06:43 AM

I just test it by removing the "aaa authentication enable console LOCAL".

On the console, I can't get to enable mode. But you can do this if yo type 'login' where you need to use local user account (mine with priv 15).

Else, after logging in using the above (login) method, change the enable password to a new one. Exit from the priv mode (#), then type enable. Use the new password to get to the enable mode. It should work.

And if I put back the "aaa authentication enable console LOCAL", I can login using my local account again.

HTH

AK

0 Helpful
Customers Also Viewed These Support Documents