Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6358
Views
0
Helpful
1
Replies

Adding a remote/VPN user to a local ASA 5506, easy question (I think)?

Go to solution
Pete Johnstone
Level 1
Level 1

‎03-27-2017 09:20 PM

So I've added a few new VPN users to the local ASA, using the following syntax:

username username password password

This seems to work just fine, and I can connect to the VPN using the new accounts, etc.  However, I noticed in the list of users on the ASA, the users I add have something like this:

username username password somelongencryptedlookingpassword

However, the accounts that were already created look like the following:

username username password someencryptedlookingpassword  encypted

I guess I'm trying to figure out what the word "encrypted" is referring to at the end of the line, and why it doesn't say that at the end of the accounts I've created.  Just wondering if I'm doing something wrong here when creating these accounts.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-27-2017 10:36 PM

You're doing it right.

When you enter the show running-config command, the username command does not show the actual password; it shows the encrypted password followed by the encrypted keword. For example, if you enter the password “test,” the show running-config command output would appear to be something like the following:

username pat password rvEdRh0xPC8bel7s encrypted
 

The only time you would actually enter the encrypted keyword at the CLI is if you are cutting and pasting a configuration to another ASA and you are using the same password.

Source: 

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/T-Z/cmdref4/u.html#pgfId-1834692

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-27-2017 10:36 PM

You're doing it right.

When you enter the show running-config command, the username command does not show the actual password; it shows the encrypted password followed by the encrypted keword. For example, if you enter the password “test,” the show running-config command output would appear to be something like the following:

username pat password rvEdRh0xPC8bel7s encrypted
 

The only time you would actually enter the encrypted keyword at the CLI is if you are cutting and pasting a configuration to another ASA and you are using the same password.

Source: 

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/T-Z/cmdref4/u.html#pgfId-1834692

0 Helpful
Customers Also Viewed These Support Documents