08-21-2022 10:49 PM - edited 08-21-2022 10:56 PM
hi,
i need to update the local username database in a multiple context ASA.
just a quick question, do i just apply the username in "admin" context where AAA is configured or in "system" context?
i can see the local username can be configured in both contexts.
also just to clarify if SSH and AAA (configured in "admin" context) are cutoff and only console access is available, i need the local username and enable configured in "system" context?
08-22-2022 05:53 AM
You can access the ASA as a system administrator in two ways:
Access the ASA console.
From the console, you access the system execution space, which means that any commands you enter affect only the system configuration or the running of the system (for run-time commands).
Access the admin context using Telnet, SSH, or ASDM.
As the system administrator, you can access all contexts.
The system execution space does not support any AAA commands, but you can configure its own enable password, as well as usernames in the local database to provide individual logins.
You can access a context using Telnet, SSH, or ASDM. If you log in to a non-admin context, you can only access the configuration for that context. You can provide individual logins to the context.
08-22-2022 06:00 PM
hi,
so just to be clear, if i don't have SSH and ASDM access to a multiple context ASA and only have console access, in order to login and make changes i need to configure a local username and enable PW on the "system" context?
can i jump from "system" to any context using the system's local username?
08-24-2022 05:12 AM
so just to be clear, if i don't have SSH and ASDM access to a multiple context ASA and only have console access, in order to login and make changes i need to configure a local username and enable PW on the "system" context?
System Context. you can create a local username and password with privil level. you can also configure the enable password.From System Context you can jump on any other context of the firewall. As the system administrator, you can access all contexts.
can i jump from "system" to any context using the system's local username?
No. for this you need the admin context is just like any other context, except that when a user logs in to the admin context, then that user has system administrator rights and can access the system and all other contexts.
so in short in order for you to access all context your usename has to be in admin-context.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide