Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9883
Views
0
Helpful
3
Replies

Create an Admin Account for ASA 5510

Matthew Martin
Level 5
Level 5

‎11-08-2013 08:38 AM

Hello All,

I've been looking all over the place to try and find if it's possible to create more then one admin account on a Cisco ASA 5510. I search google but couldn't find anything. I looked through the CLI using telnet and also on the "Cisco ASDM 7.1 for ASA" application window and still can't find a way, or if its even possible.

I was hoping to abe able to create a secondary admin account, is this possible?

Thanks,

Matt

Labels:
0 Helpful
3 Replies 3

Jouni Forss
VIP Alumni
VIP Alumni

‎11-08-2013 09:18 AM

Hi,

What is your "aaa" configuration?

The output of the following command should tell this

show run aaa

I am just wondering if you are using the configuration

aaa authentication enable console LOCAL

If you are using the "aaa" configurations only for the "http" , "telnet" and "ssh" and not "enable" then I guess no matter what ever "username" configuration you log in with then using the enable password will grant you full rights with regards to configurations.

If you had "aaa authentication enable console LOCAL" then I think the "privilege" set in the "username" configuration for the account sets the amount of commands you can use.

- Jouni

0 Helpful

Matthew Martin
Level 5
Level 5
In response to Jouni Forss

‎11-08-2013 09:39 AM

Hey Jouni, thanks for the reply.

Yes, we are setup to need a password when entering "enable" command. But here is the 'aaa' config below...

show run aaa:

     aaa authentication ssh console LOCAL
     aaa authentication telnet console LOCAL
     aaa authentication http console LOCAL
     aaa authorization command LOCAL

But what I was trying to see was if it's possible to create a "secondary" account for another administrator/user.

For example:

Say there is 5 of us administrators who look at the ASA from time-to-time, is it possible to create an admin account for each person?

Thanks again for your reply!

Thanks,

Matt

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni
In response to Matthew Martin

‎11-08-2013 10:23 AM

Hi,

You can create as many "username" configurations as you want to login to the ASA.

username password privilege <0-15>

- Jouni

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents