

username and password

Posted on 2008-10-02
Medium Priority
Last Modified: 2012-05-05
Hi Experts,

By default, the Cisco ASA 5505 has a blank username and password when you connect to it either by console or through IE https.

Is it a good idea to place a username and password at the global mode level, the enable level and on e0/0 (outside interface)? What is the best practice for setting the username and password, and how would you go about setting one (e.g. CLI command)?

Appreciate any help
Question by:mcse2007
LVL 24

Assisted Solution

DMTechGrooup earned 200 total points
ID: 22631119
enable password myEnableSecret encrypted

Set the enable password (displays encrypted). Displays in encrypted form, with the word "encrypted" at the end. Note that when entering the command leave off the "encrypted" keyword or the PIX will assume that the string you are putting in is the encryption of the actual password.

passwd myLoginSecret encrypted

Set the user mode password, the first password challenge when using Telnet. Note that when executing the command leave off the "encrypted" keyword or the PIX will assume that the string you are putting in is the encryption of the actual password.

LVL 12

Accepted Solution

Pugglewuggle earned 1000 total points
ID: 22631340
Hi mcse2007 - good to see you again!
The standard for securing Cisco devices with username and password info is to use AAA - Authentication, Authorization, and Accounting.
While it is still advisable to leave the password and enable password commands in the config in case something comes up, the proper way to do it is to use AAA. Cisco will tell you the same thing.
Here are the commands you need to activate AAA as well as the password and enable password:

! This sets up AAA to use the local AAA database to authenticate all connection methods
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authorization exec authentication-server
! This sets up the non-AAA management passwords. You MUST remember the enable
! password to use the enable command with
enable password <Your Enable Here>
passwd <Your Regular Password Here>
! This sets up a username to manage the device
username <Your Username Here> password <Your Password Here> privilege 15
! This sets up a username to connect via VPN or something else
username <Your Username Here> password <Your Password Here> privilege 0

Replace everything in brackets with your values.
Please note that you MUST remember the enable password to make changes to your device. If you already have one you don't need to run this command.
Also, you don't need to make the privilege 0 user - I was just using that as an example - however, you MUST have at least one privilege 15 user to manage the device.
From now on, when connecting to the console or command line, use the username and password combo to login and then use the enable password to enable.
When connecting via ASDM, just use the username/password combo.
Do note that you create VPN users with the database command as well - just with privilege 0.
Cheers! I hope that helps!
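
An added example, not part of the original answer and not Cisco tooling: a small Python check that reads a saved ASA configuration and reports which of the five access methods configured above lack an "aaa authentication ... console" line, and whether a privilege 15 user exists. The two sample configurations, the usernames and the password strings are constructed placeholders.

```python
import re

# Access methods the answer above covers with "aaa authentication <method> console LOCAL".
METHODS = ("enable", "http", "serial", "telnet", "ssh")

AAA_RE = re.compile(r"^aaa authentication (\S+) console (\S+)", re.I)
# Matches both the typed form and the stored form, which carries the "encrypted" keyword.
USER_RE = re.compile(
    r"^username (\S+) password \S+(?: encrypted)?(?: privilege (\d+))?", re.I)

def audit(config: str) -> list[str]:
    """Return findings for an ASA config; an empty list means every check passed."""
    aaa, admins = {}, []
    for raw in config.splitlines():
        line = " ".join(raw.split())          # collapse repeated whitespace
        if not line or line.startswith("!"):  # skip blanks and comments
            continue
        if m := AAA_RE.match(line):
            aaa[m.group(1).lower()] = m.group(2)
        elif (m := USER_RE.match(line)) and m.group(2) == "15":
            admins.append(m.group(1))
    findings = [f"no 'aaa authentication {x} console' line"
                for x in METHODS if x not in aaa]
    # With AAA enforcing logins, a config without a privilege 15 user
    # leaves nobody able to manage the device.
    if not admins:
        findings.append("no privilege 15 username defined")
    return findings

# Constructed sample: only SSH is covered and the sole user is privilege 0.
WEAK = """
aaa authentication ssh console LOCAL
username vpnuser password PLACEHOLDER privilege 0
"""

# Constructed sample following the answer's command list.
HARDENED = """
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authorization exec authentication-server
username admin password PLACEHOLDERHASH encrypted privilege 15
username vpnuser password PLACEHOLDERHASH encrypted privilege  0
"""

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "all checks passed")
```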
LVL 12

Expert Comment

ID: 22631347
Forgot to mention - one other feature is that in a big company that has centralized password management - AAA is used to connect to an AAA server - that way every device in the organization can be managed with a username and password that is only set once on the AAA server! Very cool.
AAA servers include RADIUS servers and TACACS+ servers. However, for a small setup, using one of these servers is unnecessary and a pain to manage. It's best to use the LOCAL database as the commands I sent you do.
Cheers again!



Author Closing Comment

ID: 31502658
Again, appreciated your input. BTW, Pugglewuggle, how many Cisco ASAs do you manage @ work?
LVL 12

Expert Comment

ID: 22639930
Hi mcse2007 - I actually manage 3 ASA 5505s, 1 ASA 5520 and 1 ASA 5510 at work. On the side I run my own networking design and consulting company. At client sites I've installed over 20 ASAs. Pretty shoddy I only make $10 an hour at my real job though... I guess it's because I'm only 20. It does seem like I can roll with the pros on here with no problem though... I just don't know how to get paid more! :-P

Author Comment

ID: 22642781
Good for you Pugglewuggle.

Here in Sydney, Australia, Cisco engineers are in hot demand; perhaps you should consider moving for better pay :-)

BTW, does Cisco offer certification in PIX firewall?
LVL 12

Expert Comment

ID: 22642923
Cisco does offer a professional level security cert called a CCSP and of course there's the Security CCIE.
I actually have always wanted to visit AU... what is the salary there? I'm in Texas in the United States and TX currently has the hottest economy in the country.
Just curious!

Author Comment

ID: 22643171
It varies depending particularly on the company (e.g. private, publicly listed etc.) but usually, the following are a close indication of what the market offers in AUD currency.
CCNA =<65K
CCNP =>75K
CCIE =>110K
LVL 12

Expert Comment

ID: 22643218
That's about what they are here (except CCIE is more like $100,000+ USD). I just need to figure out how to get in on it.
Thanks and cheers!
