ASA 5500: Default values / Reseller

itlklubos6
Level 1

Hi,

We installed the new ASA 5505 recently. As it was our first installation, we did everything step by step and customized the settings while the firewall was already connected to the real network.

1/

I would like to ask about the default user name and password for the firewall. Because we were using the firewall with these default settings for a certain time, did we jeopardize our network and expose it to the risk of attack?

a) Is it possible for a user from the outside (Internet) to access these default values (name/password)? According to the manual, the connection is possible only from the inside of the network.

b) What other default values should we change to be on the safe side?

2/ My second question would be about the reseller. We plan to purchase a second firewall. Can anybody recommend a reliable reseller from the Vancouver area (BC, Canada)? The first firewall was purchased from the USA, but then we got the bill for the customs clearance, and it was just too much. So we would like to find a local reseller.

Thanks for help,

Lubomir

8 Replies

torchris
Level 1

I can answer your first question.

The default enable password is blank, and leaving it like that is a very big security risk.

A user from the outside won't be able to access the firewall unless you permit it.

Change the passwords; that is the best practice.

2/ My second question .. can anybody recommend a reliable reseller from the Vancouver area (BC, Canada).....

Simply go to the partner locator link; on the right-hand side, under Find A Certified Partner, enter the City and Country. It should provide you with a list of certified Cisco partners in your area.

http://www.cisco.com/web/partners/index.html

Jorge Rodriguez

Yes, I tried it, but it returned pretty big companies like Bell, for example. I will give it a try, though. Usually big companies like BIG customers.

Thank you for the answer.

I changed the password for ASDM, but I didn't see where I could change the name. I guess I cannot change the generic user name; am I right?

So even though I am requested to enter a password, I don't have to supply a user name. What would be a proper way to fix this?

I think I should somehow disable generic user names and create a new user with "name" and "password".

There is a default user name and password (cisco, cisco) that you can remove with the no username cisco command. Then, to enter the new credentials, you can enter the following:

username <username> password <password> privilege 15

The privilege 15 is because by default the user will have privilege 3, and in the future this can cause problems.

The ASDM had a blank user name and password initially.

When I changed this blank password from within ASDM, there was a user name "enable_15" in an edit box. I could change the password from blank, but the user name was greyed out, so I could not change it.

In a book, that I bought, I found out it is a generic user, but it didn't say anything about disabling it.

I will try if I can connect with credentials you mentioned (cisco, cisco), and will change this user name.

What should I do about "enable_#" user?

Thank you for your replies to my questions.

The enable_15 user appears when you don't set the authentication method for the ASDM, and therefore you can log in with the enable password and a blank username.

Please try the following: set the ASDM authentication to use the LOCAL database, but please remember the privilege 15 when you create a user:

username <username> password <password> privilege 15

aaa authentication http console LOCAL

The enable_15 user will be disabled.
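
An added example, not part of the thread and not Cisco's code: a small Python check over a saved running-config for the conditions discussed above (no `aaa authentication http console` line, a `cisco` account, no privilege 15 user, ASDM allowed from an interface other than the inside). The sample configs, the finding labels, the `fwadmin` name and the assumption that `inside` is the only trusted interface are constructed for illustration.

```python
import re

# Constructed sample configs (not from the thread); hashes are placeholders.
BEFORE = """\
username cisco password XXXXXXXXXXXXXXXX encrypted
http server enable
http 192.168.1.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
"""
AFTER = """\
username fwadmin password XXXXXXXXXXXXXXXX encrypted privilege 15
aaa authentication http console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
"""

def audit_asdm_login(config, trusted=("inside",)):
    """Return finding labels (hypothetical names) for ASDM login weaknesses."""
    lines = [ln.strip() for ln in config.splitlines()]
    findings = []
    # Without this line ASDM accepts a blank user name plus the enable
    # password, which is the "enable_15" login described in the thread.
    if not any(re.match(r"aaa authentication http console \S+", ln) for ln in lines):
        findings.append("no-http-aaa")
    users = {}
    for ln in lines:
        m = re.match(r"username (\S+) password \S+(.*)", ln)
        if m:
            priv = re.search(r"\bprivilege (\d+)", m.group(2))
            users[m.group(1)] = int(priv.group(1)) if priv else None
    if "cisco" in users:  # the cisco/cisco account mentioned in the thread
        findings.append("default-user-cisco")
    if 15 not in users.values():  # the replies ask for an explicit privilege 15
        findings.append("no-privilege-15-user")
    # "http <network> <mask> <interface>" lines state where ASDM is reachable from.
    for ln in lines:
        m = re.match(r"http \d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+ (\S+)$", ln)
        if m and m.group(1) not in trusted:
            findings.append("asdm-allowed-on:" + m.group(1))
    return findings

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_asdm_login(cfg) or "no findings")
```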

I tried those commands - everything is now fine. Thank you for your help!

I have two last questions (maybe I should start a new thread):

1/

Our ASA 5505 is running v7.2(4), and ASDM v. 5.2(4)

I wanted to download the newer version (I think the latest for ASA is 8.0(4) and ASDM 6.1(3)). I went to www.cisco.com/go/license and www.cisco.com/cgi-bin/tablebuild.pl/asa to download the newer version.

On the first link I was asked for the PAK. I am not sure where I can get this authorization key - our ASA is new, we are just installing it (bought in July). That makes me think I am entitled to a free download. I contacted the reseller that sold us this ASA, but he hasn't replied so far…

On the second address there was a note “There are currently no files for this type”. However, as I can see at www.cisco.com/en/US/docs/security/asa/asa80/release/notes/arn804n.html there is clearly the newer version v8.0(4).

So my question would be where I could get it from?

2/

When I run ASDM, the CPU usage is 7%-12%. Considering there was no traffic at all (no Internet connection and only a computer with ASDM connected to the ASA), it seems that the CPU rate is too high. Also, the ASA is quite warm. Is it natural, or will it be fixed with the newer image file?

Thank you.
