Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8883
Views
0
Helpful
4
Replies

ASA- aaa authentication enable console LOCAL

Praveen Kumar
Level 1
Level 1

‎02-22-2018 08:52 AM - edited ‎02-21-2020 07:23 AM

I want configure ASA, so it requires local username and password for enable mode.

Command: aaa authentication enable console LOCAL

When I configure this command, I am not able to login even though the following configuration already exists:

username xxxxxx password xxxxxxxxxxxxxxxxxxx encrypted privilege 15

enable password xxxxxxxxxxxxxxxxxx encrypted

 

when I configure the following it works:

username xxxxxx password xxxxxxxxxxxxxxxxxxx

aaa authentication enable console LOCAL

 

Question:

Why “username xxxxxx password xxxxxxxxxxxxxxxxxxx encrypted privilege 15” username and password is not used, when configure aaa authentication enable console LOCAL?

Labels:
0 Helpful
4 Replies 4

johnd2310
Level 8
Level 8

‎02-22-2018 07:01 PM

Hi,

 

How are you logging on to the firewall initially, via console or ssh\telnet. What asa software version are you using? Are you using aaa authorization?

 

Thanks

John

**Please rate posts you find helpful**
0 Helpful

Praveen Kumar
Level 1
Level 1
In response to johnd2310

‎02-23-2018 02:24 PM

1. SSH

2. Software Version 9.6(4)3 

3. no authorization

 

0 Helpful

mls577
Level 1
Level 1
In response to Praveen Kumar

‎02-23-2018 04:12 PM

@Praveen Kumar wrote:

1. SSH

2. Software Version 9.6(4)3 

3. no authorization

 

If you're using ssh, you'll need to do a couple of things.
1. Create a user. (seems like you have this covered already).

2. Enabled ssh for local authentication:

aaa authentication ssh console LOCAL


3. generate the crypto keys for ssh:

crypto key generate rsa modulus <modulus number>

4. allow management access via ssh from a certain interface and network:

ssh 192.168.1.0 255.255.255.0 inside

5. open your terminal emulation software and try to ssh to an ASA interface ip (the one specified in step 4). You should now be able to login. 

0 Helpful

Praveen Kumar
Level 1
Level 1
In response to mls577

‎03-01-2018 01:39 PM

That is not really my question- my question is:

If we already have this (see below) user account, why doesn't it work when we configure "aaa authentication ssh console LOCAL"?

 

username xxxxxx password xxxxxxxxxxxxxxxxxxx encrypted privilege 15

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card