Friday, October 15, 2021

Cisco ASA Mutiple Context-Based ASA Firewall login Command

Here's a link about AAA and local username database in a Cisco ASA Multiple mode/Context-based Firewall. You should use the login command instead of enable in order to use the local username account (with privilege 15) for AAA fallback wherein the remote authentication server such TACACS+ or RADIUS is not reachable. This would allow you to jump to a context and issue any show and global config commands.

ciscoasa/pri/act> enable

Username: cisco-admin

Password: ***********

ciscoasa/pri/act# changeto context admin

ciscoasa/pri/act/admin# show run interface Manamgement0/0

Fallback authorization. Username 'enable_15' not in LOCAL database

Command authorization failed

 

ciscoasa/pri/act/admin# configure terminal

Command authorization failed

 

 

ciscoasa/pri/act> login

Username: cisco-admin

Password: ***********

ciscoasa/pri/act# changeto context admin

ciscoasa/pri/act/admin# show run interface Manamgement0/0

!

interface Management0/0

 management-only

 nameif management

 security-level 100

 ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2

 

No comments:

Post a Comment