ASA in failover mode has different enable password for SSH and Telnet sessions
09-14-2017 03:03 PM - edited 02-21-2020 06:18 AM
Hello. I've a 5520 in failover mode 8.2(5)59 and its enable password is different when I'm connecting via telnet vs SSH. The other ASA does not have this issue. Here are the AAA settings for the ASA in question:
exp-jka-fwl1a# sh run aaa
aaa authentication telnet console LOCAL
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
Would someone please explain why this is happening and how to resolve it? I'd like to remove the telnet settings, but it seems as though I won't be able to elevate under SSH.
Labels: NGFW Firewalls

09-15-2017 09:05 AM
Hi SHANE,
The "aaa authentication enable console LOCAL" command sets the enable password locally defined under the "username password" command as the enable password.
09-17-2017 01:30 PM
Strange, as you have SSH, Telnet and enable with LOCAL authentication. I've worked with that code and never had an issue.
I would suggest opening a TAC case.
