Solved: unable to login in FWSM

MANIVANNAN NAGARAJAN · ‎04-14-2011

Hi,

I am having two dc switches with FWSM modules installed. DC switch1 FWSM (Ver 3.2(12) is wokring as active and Secondary DC switch2 FWSM (ver 3.2.(12) is in standby mode.

From yesterday I am trying to login primary FWSM, It is accepting my username and credentials but prompting again for username please refer below

DXB-DC1>session slot 5 p 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.51 ... Open

User Access Verification

Warning: Authentication is enabled for system context. Use admin context credentials.

Username: managarajan
Password: ********
Username:

I can login to my secondary firewall without any issues.

DXB-DC2>session slot 5 p 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.51 ... Open

User Access Verification

Warning: Authentication is enabled for system context. Use admin context credentials.

Username: managarajan
Password: ********
Type help or '?' for a list of available commands.
DXB-FWSM1> en
Password: ***********

I can see all my data traffic is fine except not allowing me to login.

DXB-FWSM1# sh failover
Failover On
Failover unit Secondary
Failover LAN Interface: FO Vlan 70 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 15 seconds
Interface Policy 50%
Monitored Interfaces 0 of 250 maximum
Config sync: active
Version: Ours 3.2(12), Mate 3.2(12)
Last Failover at: 00:09:10 UAE Feb 19 2010
    This host: Secondary - Standby Ready
        Active time: 1208 (sec)
        admin Interface inside (10.10.96.2): Normal (Not-Monitored)
        admin Interface ADMIN-DMZ1 (10.10.97.2): Normal (Not-Monitored)
        admin Interface ADMIN-DMZ2 (10.10.98.2): Normal (Not-Monitored)
        admin Interface ADMIN-DMZ3 (10.10.99.2): Normal (Not-Monitored)
        admin Interface outside (10.10.2.5): Normal (Not-Monitored)
        context-a Interface inside (10.10.128.2): Normal (Not-Monitored)
        context-a Interface CXA-ERP-APP (10.10.130.2): Normal (Not-Monitored)
        context-a Interface CXA-VIZ-APP (10.10.131.2): Normal (Not-Monitored)
        context-a Interface outside (10.10.2.21): Normal (Not-Monitored)
        context-b Interface INSIDE (10.10.160.2): Normal (Not-Monitored)
        context-b Interface CXB-ERP-DB (10.10.162.2): Normal (Not-Monitored)
        context-b Interface CXB-VIZ-DB (10.10.163.2): Normal (Not-Monitored)
        context-b Interface OUTSIDE (10.10.2.37): Normal (Not-Monitored)
        Other host: Primary - Active
        Active time: 59186243 (sec)
        admin Interface inside (10.10.96.1): Normal (Not-Monitored)
        admin Interface ADMIN-DMZ1 (10.10.97.1): Normal (Not-Monitored)
        admin Interface ADMIN-DMZ2 (10.10.98.1): Normal (Not-Monitored)
        admin Interface ADMIN-DMZ3 (10.10.99.1): Normal (Not-Monitored)
        admin Interface outside (10.10.2.4): Normal (Not-Monitored)
        context-a Interface inside (10.10.128.1): Normal (Not-Monitored)
        context-a Interface CXA-ERP-APP (10.10.130.1): Normal (Not-Monitored)
        context-a Interface CXA-VIZ-APP (10.10.131.1): Normal (Not-Monitored)
        context-a Interface outside (10.10.2.20): Normal (Not-Monitored)
        context-b Interface INSIDE (10.10.160.1): Normal (Not-Monitored)
        context-b Interface CXB-ERP-DB (10.10.162.1): Normal (Not-Monitored)
        context-b Interface CXB-VIZ-DB (10.10.163.1): Normal (Not-Monitored)
        context-b Interface OUTSIDE (10.10.2.36): Normal (Not-Monitored)

Stateful Failover Logical Update Statistics
    Link : STATE Vlan 71 (up)
    Stateful Obj     xmit       xerr       rcv        rerr
    General        7728076    0          3869499885 4
    sys cmd      7728076    0          7728070    0
    up time      0          0          0          0
    RPC services      0          0          10387282   0
    TCP conn     0          0          2243011595 0
        UDP conn     0          0          1364688683 0
    ARP tbl      0          0          243684257 4
    Xlate_Timeout      0          0          0          0
    AAA tbl      0          0          0          0
    DACL         0          0          0          0
    OSPF Area SeqNo     0          0          0          0

    Logical Update Queue Information
              Cur     Max     Total
    Recv Q:     0     18     191072852
    Xmit Q:     0     0     7728076
DXB-FWSM1#

Could you please help to resolve the issue.

Best Regards,

Nagarajan

sean_evershed · ‎04-14-2011

Hi,

Are you using tacacs or radius authentication?

- If so are there any errors on your authentication server?

- Do you have SSH and/or ASDM enabled as well on the FWSM? If so do you get the same problem?

You can test aaa authentication with the command:

test aaa-server authentication

See below:

http://etherealmind.com/cisco-asa-and-ios-command-tip-test-aaa-server/

View solution in original post

sean_evershed · ‎04-14-2011

Hi,

Are you using tacacs or radius authentication?

- If so are there any errors on your authentication server?

- Do you have SSH and/or ASDM enabled as well on the FWSM? If so do you get the same problem?

You can test aaa authentication with the command:

test aaa-server authentication

See below:

http://etherealmind.com/cisco-asa-and-ios-command-tip-test-aaa-server/

sangeeth.n191 · ‎11-15-2017

Hi

I am also facing the same issue in FWSM version 3.2(13) in which there is no AAA configuration . Kindly find the warning message below:

User Access Verification

Warning: Authentication is enabled for system context. Use admin context credentials.

Username: ------
Password: ********

We are able to login to the module without any issues, but i would like to know why this warning is popped out while each time i am logging in. Is there any way for avoiding this warning message?

Kindly help to resolve this issue.