Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1222
Views
5
Helpful
7
Replies

Enable password on ASA 5516 version 9.5

Go to solution
Lakeram Harrypersaud
Level 1
Level 1

‎05-04-2016 07:57 AM - edited ‎03-12-2019 12:42 AM

Hi Guys,

Is it possible to have a second enable password on a Cisco ASA5516 firewall running version 9.5? If so, please provide me with the commands to do it on the CLI?

Any help would be greatly appreciated.

Thanks,

Lake

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Maykol Rojas
Cisco Employee
Cisco Employee
In response to Lakeram Harrypersaud

‎05-04-2016 09:58 AM

Hello; 

Here it is: 

aaa authentication ssh console LOCAL
aaa authorization exec authentication-server auto-enable

VERY IMPORTANT!!!! This is for users trying to access SSH and being authenticated against the local database. You need to understand that any other user with Priv 15 user will be automatically allowed to enable mode. 

You can modify the above commands to suit your needs, example for telnet, console or using your authentication server. 

If you have any questions, let me know 

Mike. 

Mike

View solution in original post

7 Replies 7

Go to solution
Maykol Rojas
Cisco Employee
Cisco Employee

‎05-04-2016 08:45 AM

Hello;

What do you mean by a second enable password? What would be the use of that? Would that be for another user? 

Mike. 

Mike
0 Helpful

Go to solution
Lakeram Harrypersaud
Level 1
Level 1
In response to Maykol Rojas

‎05-04-2016 08:47 AM

It is for another user? Is it possible to do that?

Thanks,

Lake

0 Helpful

Go to solution
Maykol Rojas
Cisco Employee
Cisco Employee
In response to Lakeram Harrypersaud

‎05-04-2016 08:49 AM

Hello; 

Not other enable password, but you can create a user and password and that would get him directly to the enable mode. 

The bad thing with this is that all users with Privilege 15 will have full access to the device without the use of enable password. 

Let me know if that suits the need. 

Mike. 

Mike
0 Helpful

Go to solution
Lakeram Harrypersaud
Level 1
Level 1
In response to Maykol Rojas

‎05-04-2016 08:52 AM

Can you please provide me with the command to give a second user access to the asa console without the enable password?

Thanks,

Lake

0 Helpful

Go to solution
Maykol Rojas
Cisco Employee
Cisco Employee
In response to Lakeram Harrypersaud

‎05-04-2016 09:58 AM

Hello; 

Here it is: 

aaa authentication ssh console LOCAL
aaa authorization exec authentication-server auto-enable

VERY IMPORTANT!!!! This is for users trying to access SSH and being authenticated against the local database. You need to understand that any other user with Priv 15 user will be automatically allowed to enable mode. 

You can modify the above commands to suit your needs, example for telnet, console or using your authentication server. 

If you have any questions, let me know 

Mike. 

Mike

Go to solution
Lakeram Harrypersaud
Level 1
Level 1
In response to Maykol Rojas

‎05-04-2016 10:34 AM

Hi Maykol,

It worked like a charm. Thank you very much.

Regards,

Lake

0 Helpful

Go to solution
Maykol Rojas
Cisco Employee
Cisco Employee
In response to Lakeram Harrypersaud

‎05-04-2016 10:51 AM

Awesome. 

Glad that it worked. 

If you have any other questions, let me know. 

Mike.

Mike
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card