Create an Admin Account for ASA 5510

Matthew Martin · ‎11-08-2013

Hello All,

I've been looking all over the place to try and find if it's possible to create more then one admin account on a Cisco ASA 5510. I search google but couldn't find anything. I looked through the CLI using telnet and also on the "Cisco ASDM 7.1 for ASA" application window and still can't find a way, or if its even possible.

I was hoping to abe able to create a secondary admin account, is this possible?

Thanks,

Matt

Jouni Forss · ‎11-08-2013

Hi,

What is your "aaa" configuration?

The output of the following command should tell this

show run aaa

I am just wondering if you are using the configuration

aaa authentication enable console LOCAL

If you are using the "aaa" configurations only for the "http" , "telnet" and "ssh" and not "enable" then I guess no matter what ever "username" configuration you log in with then using the enable password will grant you full rights with regards to configurations.

If you had "aaa authentication enable console LOCAL" then I think the "privilege" set in the "username" configuration for the account sets the amount of commands you can use.

- Jouni

Matthew Martin · ‎11-08-2013

Hey Jouni, thanks for the reply.

Yes, we are setup to need a password when entering "enable" command. But here is the 'aaa' config below...

show run aaa:

     aaa authentication ssh console LOCAL
     aaa authentication telnet console LOCAL
     aaa authentication http console LOCAL
     aaa authorization command LOCAL

But what I was trying to see was if it's possible to create a "secondary" account for another administrator/user.

For example:

Say there is 5 of us administrators who look at the ASA from time-to-time, is it possible to create an admin account for each person?

Thanks again for your reply!

Thanks,

Matt

Jouni Forss · ‎11-08-2013

Hi,

You can create as many "username" configurations as you want to login to the ASA.

username password privilege <0-15>

- Jouni