Showing results for 
Search instead for 
Did you mean: 

Accessing an ASA 8.2.1 0 -AAA

Level 1
Level 1


the only way I can access my ASA is via SSH. It asks me for username which I put "pix" and for the password, I put the enable password I created.

This however only gets me half way in because it then asks for the enable password. I type the enable password and I get in.

I created the command "aaa authentication ssh console LOCAL" and now as soon as I ssh to the ASA, it won't let me type the default username pix with the default enable password for the password... this is actually good because I am now forced to type the local credentials however when I do that, I am still not getting into privelele mode. I still have to type the enable password.

How can I configure the ASA to have user's (with level 15) type their credentials and get directly into privilege mode without the ASA asking them for the enable password???

I don't want give out the enable password to every admin that needs to access the ASA...

any help will be appreciated

5 Replies 5

Yudong Wu
Level 7
Level 7

ASA is not like IOS box. In IOS box, you can let user get into enable mode directly after login. This feature is not available on ASA as far as I know.

are you sure?

how can you have delegated accounts then on an ASA?

are you then saying that every admin will have to know the enable password?

As far as I know, it's impossible on ASA.

it's hard to beleive... so how do you properly delegate access to an ASA to few different administrators?

there has to be a way.

you can setup enable password in different levels.

user pass level <#>

When they login, they need use "enable " and related enable password to login.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Review Cisco Networking products for a $25 gift card