05-04-2016 07:57 AM - edited 03-12-2019 12:42 AM
Hi Guys,
Is it possible to have a second enable password on a Cisco ASA5516 firewall running version 9.5? If so, please provide me with the commands to do it on the CLI?
Any help would be greatly appreciated.
Thanks,
Lake
Solved! Go to Solution.
05-04-2016 09:58 AM
Hello;
Here it is:
aaa authentication ssh console LOCAL
aaa authorization exec authentication-server auto-enable
VERY IMPORTANT!!!! This is for users trying to access SSH and being authenticated against the local database. You need to understand that any other user with Priv 15 user will be automatically allowed to enable mode.
You can modify the above commands to suit your needs, example for telnet, console or using your authentication server.
If you have any questions, let me know
Mike.
05-04-2016 08:45 AM
Hello;
What do you mean by a second enable password? What would be the use of that? Would that be for another user?
Mike.
05-04-2016 08:47 AM
It is for another user? Is it possible to do that?
Thanks,
Lake
05-04-2016 08:49 AM
Hello;
Not other enable password, but you can create a user and password and that would get him directly to the enable mode.
The bad thing with this is that all users with Privilege 15 will have full access to the device without the use of enable password.
Let me know if that suits the need.
Mike.
05-04-2016 08:52 AM
Can you please provide me with the command to give a second user access to the asa console without the enable password?
Thanks,
Lake
05-04-2016 09:58 AM
Hello;
Here it is:
aaa authentication ssh console LOCAL
aaa authorization exec authentication-server auto-enable
VERY IMPORTANT!!!! This is for users trying to access SSH and being authenticated against the local database. You need to understand that any other user with Priv 15 user will be automatically allowed to enable mode.
You can modify the above commands to suit your needs, example for telnet, console or using your authentication server.
If you have any questions, let me know
Mike.
05-04-2016 10:34 AM
Hi Maykol,
It worked like a charm. Thank you very much.
Regards,
Lake
05-04-2016 10:51 AM
Awesome.
Glad that it worked.
If you have any other questions, let me know.
Mike.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide