06-14-2014 04:17 PM - edited 03-11-2019 09:20 PM
Hi all,
I configured our new ASA 5525-X for AAA/TACACS+ but got locked out, so I have to reboot.
When I applied the AAA config, it showed an error saying 'enable_15' is not in LOCAL database.
Is this the fallback method, or should it be the telnet/enable passwords that should be used?
Is this for ASDM purposes?
ASA02/admin# sh run
Fallback authorization. Username 'enable_15' not in LOCAL database
06-14-2014 10:04 PM
Hi John,
This is due to the authorization / aaa setting in a multi context firewall. You need to tweak it carefully to avoid confusion. You can follow the below mentioned document to understand it better.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/configuration/guide/conf_gd/mgaccess.html
Hope this helps.
Regards
Karthik
06-14-2014 11:03 PM
06-15-2014 02:06 AM
Hi John,
In the AAA settings you have mentioned TACACS and LOCAL as the fallback option, but have you created a user with privilege 15? If you have created one as such, you shouldn't get that error.
username <name> password [PASSWORD] encrypted privilege 15
Hope this helps
Regards
Karthik
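A pre-change check for the lockout described in this thread, added here as an example and not part of any post: it scans a saved ASA configuration for AAA lines that fall back to LOCAL and confirms that at least one local privilege 15 user exists. The sample configurations, the server group name TACACS, the placeholder EXAMPLEHASH and the function name check_local_fallback are constructed for illustration.

```python
import re

# Constructed sample (not from the thread): TACACS+ with LOCAL fallback,
# but the only local user is below privilege 15.
SAMPLE_BAD = """\
aaa-server TACACS protocol tacacs+
aaa authentication ssh console TACACS LOCAL
aaa authentication enable console TACACS LOCAL
aaa authorization command TACACS LOCAL
username monitor password EXAMPLEHASH encrypted privilege 5
"""
# Same config with a local privilege 15 user added before AAA is applied.
SAMPLE_GOOD = SAMPLE_BAD + "username admin password EXAMPLEHASH encrypted privilege 15\n"

# AAA authentication/authorization lines whose last method is LOCAL.
AAA_RE = re.compile(r"^aaa\s+(authentication|authorization)\s+(.+?)\s+LOCAL\s*$")
# Local user lines that carry an explicit privilege level.
USER_RE = re.compile(r"^username\s+(\S+)\s+.*\bprivilege\s+(\d+)\b")

def check_local_fallback(config_text):
    """Return (fallback_lines, priv15_users, findings) for an ASA config."""
    fallback, priv15 = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if AAA_RE.match(line):
            fallback.append(line)
            continue
        m = USER_RE.match(line)
        if m and int(m.group(2)) == 15:
            priv15.append(m.group(1))
    findings = []
    if fallback and not priv15:
        findings.append(
            "%d AAA line(s) fall back to LOCAL but no local privilege 15 "
            "user is defined" % len(fallback))
    return fallback, priv15, findings

if __name__ == "__main__":
    for name, cfg in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        fallback, users, findings = check_local_fallback(cfg)
        print(name, "- LOCAL fallback lines:", len(fallback),
              "- privilege 15 users:", users)
        for f in findings:
            print("  FINDING:", f)
```
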
06-16-2014 12:55 AM
Hi Karthik,
I didn't configure the local user; that's why I got locked out.
I thought that this was initially for ASDM; that's why I left it out.
06-16-2014 01:32 AM
Hi John,
Good to know that your issue is solved. Thanks!!!
Regards
Karthik