Solved

username and password

Posted on 2008-10-02
Last Modified: 2012-05-05
Hi Experts,

By default, the Cisco ASA 5505 has a blank username and password when you connect to it either by console or through IE https.

Is it a good idea to place a username and password at global mode level, enable level and on e0/0 (outside interface)? What is the best practice for setting the username and password, and how would you go about putting one in (e.g. CLI command)?

Appreciate any help
mcse2007
Question by:mcse2007
9 Comments
 
LVL 24

Assisted Solution

by:DMTechGrooup
DMTechGrooup earned 50 total points
ID: 22631119
enable password myEnableSecret encrypted

Set the enable password (displays encrypted). Displays in encrypted form, with the word "encrypted" at the end. Note that when entering the command leave off the "encrypted" keyword or the PIX will assume that the string you are putting in is the encryption of the actual password.

passwd myLoginSecret encrypted

Set the user mode password, the first password challenge when using Telnet. Note that when executing the command leave off the "encrypted" keyword or the PIX will assume that the string you are putting in is the encryption of the actual password.


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800949d6.shtml#authen_author
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 250 total points
ID: 22631340
Hi mcse2007 - good to see you again!
The standard for securing Cisco devices with username and password info is to use AAA - Authentication, Authorization, and Accounting.
While it is still advisable to leave the password and enable password commands in the config in case something comes up, the proper way to do it is to use AAA. Cisco will tell you the same thing.
Here are the commands you need to activate AAA as well as the password and enable password:
! This sets up AAA to use the local AAA database to authenticate all connection methods
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authorization exec authentication-server
! This sets up the non-AAA management passwords. You MUST remember the enable
! password to use the enable command with
enable password <Your Enable Here>
passwd <Your Regular Password Here>
! This sets up a username to manage the device
username <Your Username Here> password <Your Password Here> privilege 15
! This sets up a username to connect via VPN or something else
username <Your Username Here> password <Your Password Here> privilege 0
Replace everything in brackets with your values.
Please note that you MUST remember the enable password to make changes to your device. If you already have one you don't need to run this command.
Also, you don't need to make the privilege 0 user - I was just using that as an example - however, you MUST have at least one privilege 15 user to manage the device.
From now on, when connecting to the console or command line, use the username and password combo to login and then use the enable password to enable.
When connecting via ASDM, just use the username/password combo.
Do note that you create VPN users with the database command as well - just with privilege 0.
Cheers! I hope that helps!
 
0
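A pre-flight check for the configuration in the accepted answer, as an added example that is not part of the original thread or any Cisco tooling: it reads an ASA config as text and reports which management methods lack an `aaa authentication ... console` line, whether LOCAL AAA is on without a privilege 15 user (the lockout case the answer warns about), and whether an enable password is set. The function name `audit`, the sample configs and the placeholder hashes are constructed for illustration.

```python
import re

# Management access methods covered by the config in the answer above.
METHODS = ("enable", "http", "serial", "telnet", "ssh")
AAA_RE = re.compile(r"^aaa authentication (\S+) console (\S+)", re.I)
USER_RE = re.compile(r"^username (\S+) password \S+.*?\bprivilege (\d+)", re.I)
ENABLE_RE = re.compile(r"^enable password \S+", re.I)

def audit(config_text):
    """Return a list of findings for an ASA config; an empty list means none."""
    aaa, admins, enable_set = {}, [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):  # skip blanks and comments
            continue
        m = AAA_RE.match(line)
        if m:
            aaa[m.group(1).lower()] = m.group(2)
            continue
        m = USER_RE.match(line)
        if m and int(m.group(2)) == 15:
            admins.append(m.group(1))
        if ENABLE_RE.match(line):
            enable_set = True
    findings = [f"{meth}: no 'aaa authentication {meth} console' line"
                for meth in METHODS if meth not in aaa]
    # LOCAL authentication with no privilege 15 account leaves nobody able to manage the box.
    if any(v.upper() == "LOCAL" for v in aaa.values()) and not admins:
        findings.append("LOCAL AAA enabled but no privilege 15 user (lockout risk)")
    if not enable_set:
        findings.append("no enable password configured")
    return findings

# Constructed sample configs with placeholder hashes, not taken from a real device.
GOOD = "".join(f"aaa authentication {m} console LOCAL\n" for m in METHODS) + (
    "enable password EXAMPLEHASH1 encrypted\n"
    "username admin password EXAMPLEHASH2 encrypted privilege 15\n")
BAD = "".join(f"aaa authentication {m} console LOCAL\n" for m in METHODS[1:]) + (
    "username vpnuser password EXAMPLEHASH3 encrypted privilege 0\n")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(cfg) or "no findings")
```

Run it against the candidate config text before pasting the AAA lines into a live device, so a missing privilege 15 account is caught while the existing login still works.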
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22631347
Forgot to mention - one other feature is that in a big company that has centralized password management - AAA is used to connect to an AAA server - that way every device in the organization can be managed with a username and password that is only set once on the AAA server! Very cool.
AAA servers include RADIUS servers and TACACS+ servers. However, for a small setup, using one of these servers is unnecessary and a pain to manage. It's best to use the LOCAL database as the commands I sent you do.
Cheers again!
0
 
LVL 7

Author Closing Comment

by:mcse2007
ID: 31502658
Again, appreciated your input. BTW, Pugglewuggle, how many Cisco ASAs do you manage @ work?
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22639930
Hi mcse2007 - actually manage 3 ASA 5505s, 1 ASA 5520 and 1 ASA 5510 at work. On the side I run my own networking design and consulting company. At client sites I've installed over 20 ASAs. Pretty shoddy I only make $10 an hour at my real job though... I guess it's because I'm only 20. It does seem like I can roll with the pros on here with no problem though... I just don't know how to get paid more! :-P
Cheers!
0
 
LVL 7

Author Comment

by:mcse2007
ID: 22642781
Good for you Pugglewuggle.

Here in Sydney, Australia, Cisco engineers are in hot demand; perhaps you should consider moving for better pay :-)

BTW, does Cisco offer certification in PIX firewall?
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22642923
Cisco does offer a professional level security cert called a CCSP and of course there's the Security CCIE.
I actually have always wanted to visit AU... what is the salary there? I'm in Texas in the United States and TX currently has the hottest economy in the country.
Just curious!
Cheers!
0
 
LVL 7

Author Comment

by:mcse2007
ID: 22643171
It varies depending particularly on the company (e.g. private, publicly listed etc.) but usually, the following are a close indication of what the market offers in AUD currency.
CCNA =<65K
CCNP =>75K
CCIE =>110K
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22643218
That's about what they are here (except CCIE is more like $100,000+ USD). I just need to figure out how to get in on it.
Thanks and cheers!
0
