01-06-2014 08:26 AM - edited 03-11-2019 08:25 PM
Hi,
I am configuring an ASA 8.4 with TACACS using the CLI configuration below. I can only successfully log in to the USER MODE of the ASA via TACACS, but I am unable to get to the enable mode of the ASA via TACACS. Also, the ASA is not falling back to the local enable password either.
Also, I can successfully run "test aaa authentication TACACS+ username abc password password1":
INFO: Authentication Successful
From the same ACS, TACACS works for both user mode and enable mode for routers/switches.
Current ASA CLI
~~~~~~~~~~~~~
username [ENTER USERNAME HERE] password [ENTER ADMIN PASSWORD HERE] privilege 15
enable password [ENTER ENABLE MODE PASSWORD HERE]
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server TACACS+ (inside) host [ENTER TACACS+ SERVER IP ADDRESS HERE] [ENTER SECRET KEY HERE] timeout 10
aaa authentication http console TACACS+ LOCAL
aaa authentication ssh console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authorization command TACACS+ LOCAL
aaa accounting enable console TACACS+
aaa accounting ssh console TACACS+